[Samba] Active Directory Capacity?

[Luke Barone]

Hi list,

I am wondering if there is a theoretical maximum for an Active Directory
forest, according to Samba or MS? My concern comes from this.

We are piloting AD with Samba 4 at a couple of our schools. My thought was
to eventually get the top-level forest hosted at our central office, then
setup each school as a "site" with its own AD DC at the site, configured to
use each school's subnet as the AD server to authenticate with.

I ran this by our working group, and they are concerned that with 2000+
staff and 40,000 students (just an estimate), that the AD database would
grow too large, and take forever for the users to log in. I believe it
won't make a large difference, as users would just authenticate against the
server in their subnet. We have 50 sites that are able to talk to each
other through a 10.x.x.x network, each with their own subnet.

Is there a concern with capacity in this case? Currently, we have 2 AD
servers in each of the pilot sites running as VMs, using 2GB of RAM. Our
plan moving forward is to likely keep two AD DCs at each site, but I want
to know if we can just setup one large forest, or if each site should
remain its own forest.

Thanks