Solved

How to restrict the uesrs  could see other containers and OUs view of AD containers

Posted on 2008-06-26
3
327 Views
Last Modified: 2010-03-17
How to restrict the uesrs  could see other containers and OUs view of AD containers

Hidden OUs are often used in environments that offer services to internal departments or external customers.
0
Comment
Question by:ppkpalani
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 9

Accepted Solution

by:
MSE-dwells earned 250 total points
ID: 21886847
There's the nice but complex way or there's the short (something og a workaround or hack if you prefer) way; the latter simply involves placing the OUs you wish to hide in a common-parent OU and removing the relevant users and groups permissions from the parent OU.  As for the former - that's a lengthy answer built on something typically known as 'list content vs. list object' mode.
0
 
LVL 7

Assisted Solution

by:maze-uk
maze-uk earned 250 total points
ID: 24969166
Usually, you allow the default setting in you AD, which allow domain users to 'browse' the directory for resources.
If one OU contains resources that must not be accessed by users, remove the inheritance on this OU, and tweak the security according to your needs

Plan B, You can also create a security group for you external users (Let's call it 'External Users Group').
- = test the following in a lab first = -
Browse to the root of your domain, select properties, security, advanced,
then Add... "External Users Group", OK
The in Apply Onto, select 'organizational Untits Objects'
deny 'List Contents', OK
you might want to tweak further.
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In-place Upgrading Dirsync to Azure AD Connect
This article describes my battle tested process for setting up delegation. I use this process anywhere that I need to setup delegation. In the article I will show how it applies to Active Directory
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question