Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium


Restricting access in Active Directory Users and Computers

Posted on 2005-05-06
Medium Priority
Last Modified: 2011-10-03
Odd request,

is it possible to restrict access in Active directory users and cumputers, say so a user with rights to add users can only view a paticular group or items under a paticular organisational unit and can create users only for that group or under that organisational unit?

If not does anyone know of a third party package that could reside on a client machine and do the above?

Seems like a bit of a tall order I know but any suggestions warmly received.
Question by:mbaldy
  • 2
LVL 10

Accepted Solution

dis1931 earned 900 total points
ID: 13944976
Do you not want them to see them at all or just limit what they can change?

You can delegate certain people or groups to manage certain OUs however, I have never tried to restrict viewing of the active directory structure...is that what you want to do?
LVL 18

Assisted Solution

luv2smile earned 600 total points
ID: 13944993
Yes...this is actually a very common practice and is built into AD. It is known as Active Directory Delegation. For example,  admins can be assigned control of their particular departmental OU and not the rest of the AD structure.

Take a look at these links:





Author Comment

ID: 13969843
You're both quite right, but what I really need is to give the user access without them having the ability to view other organisation units and their contents, is this possible?  

Author Comment

ID: 13976648
What was i thinking, i've setup a management console containing users and computers, I've drilled down and started a new sheet for the  organisations unit, which has been saved as the only sheet and does exactly what I want, which is restrict the end user so he can modify and view only those users in his organisational unit.

Cheers guys,

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

So you have two Windows Servers and you have a directory/folder/files on one that you'd like to mirror to the other?  You don't really want to deal with DFS or a 3rd party solution like Doubletake. You can use Robocopy from the Windows Server 200…
Numerous times I have been asked this questions that what is it that makes my machine log on so slow, there have been cases where computers took 23 minute exactly after taking password and getting to the desktop. Interesting thing was the fact th…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
As many of you are aware about Scanpst.exe utility which is owned by Microsoft itself to repair inaccessible or damaged PST files, but the question is do you really think Scanpst.exe is capable to repair all sorts of PST related corruption issues?

572 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question