[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

How to restrict the uesrs  could see other containers and OUs view of AD containers

Posted on 2008-06-26
3
Medium Priority
?
330 Views
Last Modified: 2010-03-17
How to restrict the uesrs  could see other containers and OUs view of AD containers

Hidden OUs are often used in environments that offer services to internal departments or external customers.
0
Comment
Question by:ppkpalani
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 9

Accepted Solution

by:
MSE-dwells earned 1000 total points
ID: 21886847
There's the nice but complex way or there's the short (something og a workaround or hack if you prefer) way; the latter simply involves placing the OUs you wish to hide in a common-parent OU and removing the relevant users and groups permissions from the parent OU.  As for the former - that's a lengthy answer built on something typically known as 'list content vs. list object' mode.
0
 
LVL 7

Assisted Solution

by:maze-uk
maze-uk earned 1000 total points
ID: 24969166
Usually, you allow the default setting in you AD, which allow domain users to 'browse' the directory for resources.
If one OU contains resources that must not be accessed by users, remove the inheritance on this OU, and tweak the security according to your needs

Plan B, You can also create a security group for you external users (Let's call it 'External Users Group').
- = test the following in a lab first = -
Browse to the root of your domain, select properties, security, advanced,
then Add... "External Users Group", OK
The in Apply Onto, select 'organizational Untits Objects'
deny 'List Contents', OK
you might want to tweak further.
0

Featured Post

NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Had a business requirement to store the mobile number in an environmental variable. This is just a quick article on how this was done.
Active Directory can easily get cluttered with unused service, user and computer accounts. In this article, I will show you the way I like to implement ADCleanup..
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question