Application and Desktop resources enumeration fails when user is member of more than 1100 groups

Article ID: CTX477488

Description

Application and Desktop resource enumeration fails when a user is a member of more than 1,100 groups.

This issue is seen in scenarios where Active Directory users were synchronised to Azure AD DS (Azure Active Directory Domain Services).

Resolution

The recommended solution is to reduce the user's group membership, or to remove the SID history from each group that still carries one.

If the groups and the user have SID history, your sync path should be On-prem > Azure AD > Azure AD DS.

Make the change on-premises (remove the group membership or the group's SID history there) and it will sync into Azure AD DS.

Problem Cause

The issue occurs because the user's security context accumulates too many security identifiers and the group-membership limit is exceeded. The root cause is that the groups the user belongs to were also migrated from the original domain, and each migrated group contributes two SIDs because of its SID history (the current SID plus the historic one), so the SID count for those groups is doubled.
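The following script is an added example and is not part of the Citrix article. It estimates how many SIDs a user's token will carry, attributes the excess to on-premises groups whose sIDHistory still holds the pre-migration SID (the doubling described above), and can optionally clear that sIDHistory so the change syncs On-prem > Azure AD > Azure AD DS. It assumes the RSAT ActiveDirectory module, read access to sIDHistory, and, for -RemoveGroupSidHistory, write access to the groups; the script name, parameter names and the 1,000-SID threshold (the figure quoted in the Microsoft limit below) are this example's own choices.

```powershell
# Added example, not from the Citrix article. Assumes RSAT ActiveDirectory module.
# Estimates token SID usage for one user and shows which groups inflate it via sIDHistory.
# The count is an approximation: well-known and logon-session SIDs are not included,
# and groups from other (trusted) domains are not expanded.
#Requires -Modules ActiveDirectory
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [Parameter(Mandatory)] [string] $SamAccountName,
    [int] $Threshold = 1000,           # assumed threshold, taken from the documented limit
    [switch] $RemoveGroupSidHistory    # clear sIDHistory on the offending on-prem groups
)

Import-Module ActiveDirectory

function Get-SidHistoryCount {
    # sIDHistory is multi-valued and may be absent; guard against @($null).Count = 1.
    param($Values)
    if ($null -eq $Values) { return 0 }
    return @($Values).Count
}

$user = Get-ADUser -Identity $SamAccountName -Properties sIDHistory, primaryGroupID

# LDAP_MATCHING_RULE_IN_CHAIN (OID 1.2.840.113556.1.4.1941) expands nested
# membership on the DC, so one query returns every group in the chain.
$filter = "(member:1.2.840.113556.1.4.1941:=$($user.DistinguishedName))"
$groups = @(Get-ADGroup -LDAPFilter $filter -Properties sIDHistory)

# The primary group (usually Domain Users) is not listed in 'member'; resolve it by SID.
$domainSid = (Get-ADDomain).DomainSID.Value
$groups   += Get-ADGroup -Identity "$domainSid-$($user.primaryGroupID)" -Properties sIDHistory

# One SID per group plus one per historic SID the group still carries:
# a migrated group with a single sIDHistory entry costs two token slots.
$report = foreach ($g in $groups) {
    $hist = Get-SidHistoryCount $g.sIDHistory
    [pscustomobject]@{
        Group      = $g.SamAccountName
        SidHistory = $hist
        TokenSids  = 1 + $hist
    }
}

$historySids = ($report | Measure-Object -Property SidHistory -Sum).Sum
$groupSids   = ($report | Measure-Object -Property TokenSids  -Sum).Sum
$total       = 1 + (Get-SidHistoryCount $user.sIDHistory) + $groupSids

# Per-group breakdown, worst offenders first, then a one-object summary.
$report | Sort-Object -Property SidHistory, Group -Descending | Format-Table -AutoSize | Out-Host

[pscustomobject]@{
    User               = $user.SamAccountName
    Groups             = $groups.Count
    SidsFromSidHistory = $historySids
    EstimatedTokenSids = $total
    Limit              = $Threshold
    OverLimit          = ($total -gt $Threshold)
}

if ($RemoveGroupSidHistory) {
    # Change is made on-prem only; Azure AD Connect then carries it to Azure AD
    # and on to Azure AD DS. Honours -WhatIf / -Confirm.
    foreach ($g in ($groups | Where-Object { (Get-SidHistoryCount $_.sIDHistory) -gt 0 })) {
        if ($PSCmdlet.ShouldProcess($g.DistinguishedName, 'Clear sIDHistory')) {
            Set-ADGroup -Identity $g.DistinguishedName -Clear sIDHistory
        }
    }
}
```

Run it first in report-only mode (for example `.\Measure-TokenSids.ps1 -SamAccountName jdoe`, script name assumed) to see how much of the total comes from sIDHistory, then rerun with `-RemoveGroupSidHistory -WhatIf` before committing the change. Clearing sIDHistory also removes access that relied on the old domain's SID, so confirm those ACLs have been re-ACLed to the new group SIDs first; removing the user from groups that are no longer needed is the alternative the Resolution section recommends.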
 

Additional Information

This is a Microsoft-documented limit: the failure occurs once the user's security context accumulates more than 1,000 security identifiers (SIDs).

https://learn.microsoft.com/en-us/troubleshoot/windows-server/user-profiles-and-logon/security-content-accumated-many-security-ids