Link to home
Create AccountLog in
Avatar of CatalinT
CatalinT

asked on

Limit AD querying ability / scope to a users OU

We would like to limit a users access to quering AD for entries, by for example only allowing him to query his own OU, and not the entire domain tree.

Is there an efficient way to do this? Maybe setting some kind of policy somewhere?

The issue is that we have customers who have their own isolated VM servers for applications outside our ASP environment. For easy user management and control, as well as some application requirements, those servers are members of our global domain. In order to allow application administrators access to the server, we add them to the local administrators group, but we really don't want them to be able to roam and explore our AD as they please, and as such, the question above arose.

Thank you!
ASKER CERTIFIED SOLUTION
Avatar of Mike Kline
Mike Kline
Flag of United States of America image

Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
See answer