Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

How to restrict the uesrs  could see other containers and OUs view of AD containers

Posted on 2008-06-26
3
Medium Priority
?
333 Views
Last Modified: 2010-03-17
How to restrict the uesrs  could see other containers and OUs view of AD containers

Hidden OUs are often used in environments that offer services to internal departments or external customers.
0
Comment
Question by:ppkpalani
2 Comments
 
LVL 9

Accepted Solution

by:
MSE-dwells earned 1000 total points
ID: 21886847
There's the nice but complex way or there's the short (something og a workaround or hack if you prefer) way; the latter simply involves placing the OUs you wish to hide in a common-parent OU and removing the relevant users and groups permissions from the parent OU.  As for the former - that's a lengthy answer built on something typically known as 'list content vs. list object' mode.
0
 
LVL 7

Assisted Solution

by:maze-uk
maze-uk earned 1000 total points
ID: 24969166
Usually, you allow the default setting in you AD, which allow domain users to 'browse' the directory for resources.
If one OU contains resources that must not be accessed by users, remove the inheritance on this OU, and tweak the security according to your needs

Plan B, You can also create a security group for you external users (Let's call it 'External Users Group').
- = test the following in a lab first = -
Browse to the root of your domain, select properties, security, advanced,
then Add... "External Users Group", OK
The in Apply Onto, select 'organizational Untits Objects'
deny 'List Contents', OK
you might want to tweak further.
0

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Suggested Courses

564 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question