Solved

How to restrict the uesrs  could see other containers and OUs view of AD containers

Posted on 2008-06-26
3
322 Views
Last Modified: 2010-03-17
How to restrict the uesrs  could see other containers and OUs view of AD containers

Hidden OUs are often used in environments that offer services to internal departments or external customers.
0
Comment
Question by:ppkpalani
3 Comments
 
LVL 9

Accepted Solution

by:
MSE-dwells earned 250 total points
ID: 21886847
There's the nice but complex way or there's the short (something og a workaround or hack if you prefer) way; the latter simply involves placing the OUs you wish to hide in a common-parent OU and removing the relevant users and groups permissions from the parent OU.  As for the former - that's a lengthy answer built on something typically known as 'list content vs. list object' mode.
0
 
LVL 7

Assisted Solution

by:maze-uk
maze-uk earned 250 total points
ID: 24969166
Usually, you allow the default setting in you AD, which allow domain users to 'browse' the directory for resources.
If one OU contains resources that must not be accessed by users, remove the inheritance on this OU, and tweak the security according to your needs

Plan B, You can also create a security group for you external users (Let's call it 'External Users Group').
- = test the following in a lab first = -
Browse to the root of your domain, select properties, security, advanced,
then Add... "External Users Group", OK
The in Apply Onto, select 'organizational Untits Objects'
deny 'List Contents', OK
you might want to tweak further.
0

Join & Write a Comment

I'm sure that every Windows systems administrator has written, or at least used, a batch or VBS login script at some point in their career, whether it is to map network drives, install printers, or set some user preferences.  No more! With Window…
Do you have users whose passwords are expiring and they are constantly calling you?  Well I sure did and needed a way to put an end to this.  We have a lot of remote users which would not be notified that their passwords were expiring since they wer…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now