Solved

Hide OUs in Active Directory Users and Computers

Posted on 2008-06-25
7
2,224 Views
Last Modified: 2012-05-05
I want to delegate permissions to an admin in Active Directory Users and Computers.  I also don't want the admin to see any other containers than the one that is being delegated to him.  Is this possible?
0
Comment
Question by:ENTPF
7 Comments
 
LVL 8

Expert Comment

by:DenverRick
ID: 21866297
No.  You can prevent the access by him but he will still see the the containers.  There is no "hidden" feature like there is for Folder shares.
0
 
LVL 30

Expert Comment

by:LauraEHunterMVP
ID: 21866385
Actually it is possible, but -extremely- non-trivial. By default, the Authenticated Users group has Read access to nearly the entire directory. You can remove this permission at the domain level and assign Read permissions manually at lower OU levels, but it needs to be carefully tested in a lab environment before deploying to production, as it has the potentical to break a -lot- of applications, including Group Policy.
0
 
LVL 8

Expert Comment

by:DenverRick
ID: 21866458
Totally unsupported.
0
Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 30

Expert Comment

by:LauraEHunterMVP
ID: 21866523
Totally incorrect - google "Confidentiality bit" for some examples, or come to the Directory Experts Conference most years to listen to Guido Grillenmeier or someone else from HP present on it.  Any number of organizations have implemented it, but it is absolutely something that must be done with care and with significant testing.
0
 
LVL 5

Accepted Solution

by:
minvis earned 500 total points
ID: 21868686
It can easily be done with MMC.

Open "Active directory users and computers" snap-in in the MMC. Right-click the OU you've delegated en choose open in new window. Close the other window in MMC and save the console as an *.msc file.

If anyone opens this file he/she will see only one OU.

Good luck!
0
 

Expert Comment

by:Datago
ID: 33532259
The "Acceptde Solution" is is not completely correct infact if a domain user install Windows Server 2003 Administration Tools Pack or RSAT can see all ad ou, users, ou and computers.
0
 
LVL 13

Expert Comment

by:khairil
ID: 36363281
Hi,

Datoga comment is right, unless you can program youself special tools, having delegation does not mean that all other OUs and it contents are hidden from the user. They just not be able to change/delete it.

-khairil-
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

As network administrators; we know how hard it is to track user’s login/logout using security event log (BTW it is harder now in windows 2008 because user name is always “N/A” in the grid), and most of us either get 3rd party tools, or just make our…
I know all systems administrator at some time or another has had to create a script to copy file from a server share to a desktop. Well now there is an easy way to do this in Group Policy. Using Group policy preferences is not hard. The first thing …
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

929 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now