When you delegate access rights, the Access Control List (ACL) changes on Active Directory containers are pushed down to all objects within the container, increasing the size of each object.
Each Access Control Entry (ACE) within the ACL, causes an object to grow by approximately 70 bytes per ACE.
Because security principals can contain other objects, it is preferable to delegate access rights to groups, instead of users. When you add a user to a group that has already been delegated rights, no change in database size occurs.
0 comments
Hide comments
