Restricting access in Active Directory Users and Computers

Odd request,

is it possible to restrict access in Active directory users and cumputers, say so a user with rights to add users can only view a paticular group or items under a paticular organisational unit and can create users only for that group or under that organisational unit?

If not does anyone know of a third party package that could reside on a client machine and do the above?

Seems like a bit of a tall order I know but any suggestions warmly received.
Who is Participating?
Do you not want them to see them at all or just limit what they can change?

You can delegate certain people or groups to manage certain OUs however, I have never tried to restrict viewing of the active directory that what you want to do?
Yes...this is actually a very common practice and is built into AD. It is known as Active Directory Delegation. For example,  admins can be assigned control of their particular departmental OU and not the rest of the AD structure.

Take a look at these links:,295582,sid45_gci1050027,00.html
mbaldyAuthor Commented:
You're both quite right, but what I really need is to give the user access without them having the ability to view other organisation units and their contents, is this possible?  
mbaldyAuthor Commented:
What was i thinking, i've setup a management console containing users and computers, I've drilled down and started a new sheet for the  organisations unit, which has been saved as the only sheet and does exactly what I want, which is restrict the end user so he can modify and view only those users in his organisational unit.

Cheers guys,
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.