How many groups can an Active Directory account be a member of?
Is there any hard limit, or do you know of other problems that can arise when you go over a certain number of group memberships?
Background: We have one account that is a member of ca. 400 (possibly nested) groups, and we start to see issues in group policy handling for this account.
Best Answer
No, it's limited to 1015 (including nested groups) due to the size of a principal's security token. Here's an article that discusses AD limits, including group memberships. Have a look at the Group Memberships for Security Principals heading. Here's another KB article that talks about group memberships specifically.
There are exceptions when dealing with domain local groups outside of the domain the principal is a member of. From the KB linked to above: