Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

AD attribute capacity

9 views
Skip to first unread message

Colm

unread,
Mar 31, 2004, 3:38:13 AM3/31/04
to
I have a requirement to use AD and ADAM as a data store.
One of the text strings to be stored as an attribute could
be up to 8k in length.
Are there limits on AD? What is the maximum amount of data
I can store in an attribute for fast retrieval and what
type or types can store this much data.
Appreciate your help.
Colm

Dmitri Gavrilov [MSFT]

unread,
Mar 31, 2004, 4:12:20 AM3/31/04
to
8k is a piece of cake. We start feeling a bit uneasy when it goes to
megabytes.
There are no practical value size limitations (I think it could go to 2 Gb),
but there are limitations on the total number of values on an object (except
linked attribute values, such as member). In w2k, you could have up to ~850
values per object, and in w2k3 that was increased to ~1300.

WRT attribute type, you can use any variable length syntax -- unicode,
string or octetString, whatever makes more sense for your data. Don't
specify rangeUpper.

WRT "fast retrieval" -- it's all pretty much linear. It will become much
slower when the resultset does not fit into memory (either server or
client). But for such huge amounts of data your network will become the
bottleneck.

One other factor to consider here is replication. If you have large values
that are changed frequently, then your replication can get heavy. We always
send the full value over the wire. But again, 8k is nothing. Most security
descriptors in production ADs are larger than that.

--
Dmitri Gavrilov
SDE, Active Directory Core

This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm

"Colm" <anon...@discussions.microsoft.com> wrote in message
news:1613401c416fb$8175a630$a301...@phx.gbl...

Dean Wells [MVP]

unread,
Mar 31, 2004, 7:33:43 AM3/31/04
to
Dmitri Gavrilov [MSFT] wrote:
> 8k is a piece of cake. We start feeling a bit uneasy when it goes to
> megabytes.
> There are no practical value size limitations (I think it could go to
> 2 Gb), but there are limitations on the total number of values on an
> object (except linked attribute values, such as member). In w2k, you
> could have up to ~850 values per object, and in w2k3 that was
> increased to ~1300.
>
> WRT attribute type, you can use any variable length syntax -- unicode,
> string or octetString, whatever makes more sense for your data. Don't
> specify rangeUpper.
>
> WRT "fast retrieval" -- it's all pretty much linear. It will become
> much slower when the resultset does not fit into memory (either
> server or client). But for such huge amounts of data your network
> will become the bottleneck.
>
> One other factor to consider here is replication. If you have large
> values that are changed frequently, then your replication can get
> heavy. We always send the full value over the wire. But again, 8k is
> nothing. Most security descriptors in production ADs are larger than
> that.
>
>
> "Colm" <anon...@discussions.microsoft.com> wrote in message
> news:1613401c416fb$8175a630$a301...@phx.gbl...
>> I have a requirement to use AD and ADAM as a data store.
>> One of the text strings to be stored as an attribute could
>> be up to 8k in length.
>> Are there limits on AD? What is the maximum amount of data
>> I can store in an attribute for fast retrieval and what
>> type or types can store this much data.
>> Appreciate your help.
>> Colm

Your response intrigues me as it is appears to refute the following MSDN
article -

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnw2ksrv/html/w2kserve_chapter4.asp

Although the article references a Windows 2000 directory, I'm interested
to know your thoughts on its validity as it applies to both a 2000 and a
2003 AD. The article lists these limitations under the topic
sub-heading of "Requirements" and uses the word "must" seeming to imply
this is not a mere recommendation but a hard limit.

I've personally not experienced a need to populate a directory service
with such huge values and would be uncomfortable doing so due primarily
to the fact that we cannot replicate the discreet change, only the
resulting value.

Dean

--
Dean Wells [MVP / Windows platform]
MSEtechnology
[[ Please respond to the Newsgroup only regarding posts ]]
R e m o v e t h e m a s k t o s e n d e m a i l


Dmitri Gavrilov [MSFT]

unread,
Mar 31, 2004, 8:51:09 PM3/31/04
to
Well, it's a recommendation, and it's a valid one, especially as it applies
to replication. Also, it basically means -- we tested it to this limit and
it works ok. But there are no server-side checks for the max size of an
attribute.

In my production domain there are quite a few multi-megabyte values (FRS is
responsible for them). The domain functions ok. But I must admit our domain
is not a regular one, we torture it quite a bit by self-hosting beta OS
versions.

--
Dmitri Gavrilov
SDE, Active Directory Core

This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm

"Dean Wells [MVP]" <dwe...@mask.msetechnology.com> wrote in message
news:#$j9sxxFE...@TK2MSFTNGP12.phx.gbl...

0 new messages