[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 190
  • Last Modified:

Publishing in Active Directory

I am insterested in upgrading my NT domain to Windows 2003. In the tests I have done though, it published all my users and groups to the Directory. I do not want to do this, my users have no need to know this information. Is there a way to prevent the users and groups from being published in the Directory? Thanks for any help in advance.
1 Solution
No, if you install Active directory. But, why bother if they are published?
No, that's what AD does, it publishes information.  However, you could create  separate domains and place different departments in those domians so they are unaware of each other.  A little kludgy, but it's a way to do it.  Otherwise, stick with NT, or move to linux

Chris DentPowerShell DeveloperCommented:

The directory is an information store - in much the same way that the NT User database is an information store.

So, yes the users are published in Active Directory, but they aren't published there for the benefit of your users but so your domain can deal with all the objects involved.

By default users will have little or no access to the objects stored in the Directory, to see it requires that they have the administrative tools.
If you want to prevent users from browsing AD to look at info, here is your link.  This will not prevent them from searching AD if they need info.  I believe there is a way to do that too, but there may be negative aspects to that move also.


Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now