This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Possible to put a cap on the total number of members a group can have?


Just wondering if/how I could use ActiveRoles to put a limit on the number of members a group can have? Ideally I would like certain AD groups to have a maximum number of members, and then preventing new members from being added until the member count has dropped below quota again. In our organization, we publish Citrix apps via groups and are trying to prevent apps being oversubscribed by introducing a limit to the nr of group members.

Thanks for any suggestions you may be able to provide! Regards,


  • (option1) custom script inside ARS policy onPreModify() handle. Read Ad\group.members, count and throw error if > max allowed.

    (option2) scheduled (nightly) script AD\group.VA_MaxAllowed class extention. IF AD\group.members.Number -ge AD\group.VA_MaxAllowed, THEN set flag AD\group.VA_MaxReached = TRUE, which puts the group in MU_DENY_GROUPS = All Groups with VA_MaxReached-eq True with linked ARS AT DENY change Members attribute to all AD\ARS_HelpDesk users.
  • Thanks Aidar, very helpful!!