[zerg2k]

Looks like you have some knowledge hole. Let’s start with MSSQL you can use AD groups and those are the one and only thing that database setups are concerned with. On the AD side users get added/removed all the time. I have personally managed this kind of system with nearly “0” overhead on the DB side. Group assignment is the maintained by team managers decentralizing the whole thing.

For non Kerberos Linux systems using LDAP to synchronize group membership is the only extra automation needed.

It is possible and fairly easy to manage a very large number of accounts IF done properly.