JSI Tip 7489. The Active Directory database grows when you delegate access rights?

When you delegate access rights, the Access Control List (ACL) changes on Active Directory containers are pushed down to all objects within the container, increasing the size of each object.

Each Access Control Entry (ACE) within the ACL, causes an object to grow by approximately 70 bytes per ACE.

Because security principals can contain other objects, it is preferable to delegate access rights to groups, instead of users. When you add a user to a group that has already been delegated rights, no change in database size occurs.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.