How to restrict the uesrs could see other containers and OUs view of AD containers

How to restrict the uesrs  could see other containers and OUs view of AD containers

Hidden OUs are often used in environments that offer services to internal departments or external customers.
ppkpalaniAsked:
Who is Participating?
 
MSE-dwellsCommented:
There's the nice but complex way or there's the short (something og a workaround or hack if you prefer) way; the latter simply involves placing the OUs you wish to hide in a common-parent OU and removing the relevant users and groups permissions from the parent OU.  As for the former - that's a lengthy answer built on something typically known as 'list content vs. list object' mode.
0
 
maze-ukCommented:
Usually, you allow the default setting in you AD, which allow domain users to 'browse' the directory for resources.
If one OU contains resources that must not be accessed by users, remove the inheritance on this OU, and tweak the security according to your needs

Plan B, You can also create a security group for you external users (Let's call it 'External Users Group').
- = test the following in a lab first = -
Browse to the root of your domain, select properties, security, advanced,
then Add... "External Users Group", OK
The in Apply Onto, select 'organizational Untits Objects'
deny 'List Contents', OK
you might want to tweak further.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.