Maximum AD Object size?

a-ko posted this 2 weeks ago

Hey guys,

Is there a recommendation on maximum Object size in AD?

I've heard 8MB floating around. We're looking at extending the schema to include potentially large byte string blobs. I want to limit the size of these but also want to give folks some freedom in what they can do (large images).

User object Picture attribute is limited to 1MB. That's kind of small in modern cases for some stuff we're doing. So I'm wondering what I can get away with here.

-Mike

a-ko posted this 2 weeks ago

Whoops. Rather, it's 100KB limited. Not 1MB...





chriss3 posted this 2 weeks ago

Yes, 8MB~ - choosing a linked attr with DNBinary syntax would be most efficient from a DB (NTDS.dit) perspective (storing the info in the binary part). This will generate a new row in the link table for each value stored, instead of adding to the object's row within the datatable. But if I recall correctly the DRA sets the limit around 8MB, but I could be wrong on that part.

a-ko posted this 2 weeks ago

I’ll probably just tell them they’ll need to store that info on their end, or we’ll just use a string value that references the external data they can pull from

😉

Mahdi posted this 2 weeks ago

Just wondering what would be the best possible way to find this limit without deep searching on the web? Shall we add items to a multi-valued attribute of an object in a PowerShell loop until it throws an error, then we find the size of that object?

GuyTe posted this 2 weeks ago

There might be a downside to using DNWithBinary syntax if recycle bin is not turned on: deleting the value will tombstone the link without freeing up the space.

 

Guy

chriss3 posted this 6 days ago

Hmm, the link-value will stay absent for TSL, yes. But it will then be physically removed from the DB, logged as 1697. How is that different from with Recycle Bin on while the link becomes deactivated?

GuyTe posted this 6 days ago

Not different. I assumed that it’s obvious that with RB on the data will stay for TSL in any case.

Without RB, using a non-LVR attribute has an upside of releasing the space the moment the object is deleted.

 

DonH posted this 6 days ago

Well, only if bit 0x8 is clear on the searchFlags on the attribute definition in the schema. Without recycle bin, which attribute values are stripped at logical deletion and which stay until tombstone removal is under schema control.

DonH

chriss3 posted this 5 days ago

Even on linked attrs?  

DonH posted this 5 days ago

No, good point.  Pre-RB linked attributes were always stripped at logical deletion time, both directions. 
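
Added example, not part of the thread or any poster's code: a PowerShell function that applies the rule described in the two posts above for a forest without Recycle Bin, classifying attributeSchema entries by searchFlags bit 0x8 and by whether linkID is set. The sample attribute names and values are constructed, and the live query in the trailing comment assumes the ActiveDirectory module is available.

```powershell
# Bit in searchFlags that the thread says keeps a value on the tombstone.
$PreserveOnDelete = 0x8

function Get-DeletionBehavior {
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Attribute
    )
    process {
        $flags  = [int]$Attribute.searchFlags      # an unset value ($null) casts to 0
        $linked = $null -ne $Attribute.linkID      # linked attributes carry a linkID

        # Rule as stated in the thread, Recycle Bin OFF:
        #  - linked attributes are always stripped at logical deletion
        #  - otherwise bit 0x8 set   -> value stays until tombstone removal
        #  - otherwise bit 0x8 clear -> value is stripped at logical deletion
        $behavior = if ($linked) {
            'stripped at logical deletion (linked)'
        } elseif ($flags -band $PreserveOnDelete) {
            'kept until tombstone removal'
        } else {
            'stripped at logical deletion'
        }

        [pscustomobject]@{
            Name              = $Attribute.lDAPDisplayName
            SearchFlags       = '0x{0:X}' -f $flags
            Linked            = $linked
            WithoutRecycleBin = $behavior
        }
    }
}

# Constructed sample definitions (hypothetical attribute names and link ID).
$sample = @(
    [pscustomobject]@{ lDAPDisplayName = 'exampleBlob';          searchFlags = 0;   linkID = $null }
    [pscustomobject]@{ lDAPDisplayName = 'examplePreservedBlob'; searchFlags = 0x9; linkID = $null }
    [pscustomobject]@{ lDAPDisplayName = 'exampleLinkedBlob';    searchFlags = 0x8; linkID = 50000 }
)
$sample | Get-DeletionBehavior | Format-Table -AutoSize

# Against a live schema (requires the ActiveDirectory module):
# $schemaNC = (Get-ADRootDSE).schemaNamingContext
# Get-ADObject -SearchBase $schemaNC -LDAPFilter '(objectClass=attributeSchema)' `
#     -Properties lDAPDisplayName, searchFlags, linkID | Get-DeletionBehavior
```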

GuyTe posted this 3 days ago

My bad. Do not know what I was thinking…



 
