Saturday, February 8, 2014

Fail to add a user to an AD Group - Not enough storage is available to complete this operation


Microsoft Windows
Component : Active Directory
Error Message : Not enough storage is available to complete this operation
This issue can be encountered on workstations and servers when attempting to add a user to an AD group. The operation fails with a message indicating there is not enough storage to complete it. On large Active Directory structures, this is usually caused by the AD query returning too many groups (users can belong to several nested groups, and this can quickly become a large volume).

The workaround for this problem is simply to increase the memory the system uses to store the user's group memberships fetched from Active Directory. The original size of this memory reservation is 12kB on older systems (Windows 7, Windows 2008 server) and 48kB on Windows 2012; this post explains how to push it up to 65kB. This is done by creating a registry value and rebooting the workstation or server.

Unless it already exists, you will need to create a DWORD value named MaxTokenSize in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters. The maximum value you can set this to is 65535. Restart your device and try adding your user to the group once again.
Please keep in mind there is a hard limit of 1015 groups for a user to belong to. Beyond this limit, you will no longer be able to add that user to server security groups.
More details : http://blogs.technet.com/b/shanecothran/archive/2010/07/16/maxtokensize-and-kerberos-token-bloat.aspx
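
The registry change and the 1015-group limit described above, as an added PowerShell example that is not part of the original post. The `-Apply` switch and the function names are assumptions of this example, and the group count is read from the current logon token only.

```powershell
# Added example: audit (and optionally set) MaxTokenSize. Run elevated to apply.
param([switch]$Apply)   # -Apply is this example's own switch, not a Windows option

$KeyPath    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters'
$ValueName  = 'MaxTokenSize'
$Target     = 65535     # maximum value given in the post
$GroupLimit = 1015      # hard group limit given in the post

function Get-MaxTokenSize {
    # Returns the configured value, or $null when the value is absent (OS default in effect).
    $item = Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$ValueName
}

function Set-MaxTokenSize {
    param([int]$Value)
    if ($Value -lt 1 -or $Value -gt 65535) { throw "MaxTokenSize must be 1..65535, got $Value" }
    if (-not (Test-Path $KeyPath)) { New-Item -Path $KeyPath -Force | Out-Null }
    New-ItemProperty -Path $KeyPath -Name $ValueName -PropertyType DWord -Value $Value -Force | Out-Null
}

# Group SIDs carried in the current logon token (the account running this script).
$identity   = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$groupCount = $identity.Groups.Count
$current    = Get-MaxTokenSize

"User         : $($identity.Name)"
"Token groups : $groupCount (limit $GroupLimit)"
"MaxTokenSize : $(if ($null -eq $current) { 'not set (OS default)' } else { $current })"

if ($groupCount -ge $GroupLimit) {
    Write-Warning "Group count is at or above $GroupLimit; raising MaxTokenSize will not help."
}

if ($null -ne $current -and $current -ge $Target) {
    "MaxTokenSize is already $current; nothing to change."
} elseif ($Apply) {
    $principal = [System.Security.Principal.WindowsPrincipal]$identity
    $adminRole = [System.Security.Principal.WindowsBuiltInRole]::Administrator
    if (-not $principal.IsInRole($adminRole)) { throw 'Run from an elevated prompt.' }
    Set-MaxTokenSize -Value $Target
    "MaxTokenSize set to $Target. Restart the machine for the change to take effect."
} else {
    "Re-run with -Apply from an elevated prompt to set MaxTokenSize to $Target."
}
```

Without `-Apply` the script only reports the current state, so it can be run first on a sample of machines to see where the value is missing.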
