We help IT Professionals succeed at work.
Get Started

Limit AD querying ability / scope to a users OU

CatalinT
CatalinT asked
on
541 Views
Last Modified: 2012-05-10
We would like to limit a users access to quering AD for entries, by for example only allowing him to query his own OU, and not the entire domain tree.

Is there an efficient way to do this? Maybe setting some kind of policy somewhere?

The issue is that we have customers who have their own isolated VM servers for applications outside our ASP environment. For easy user management and control, as well as some application requirements, those servers are members of our global domain. In order to allow application administrators access to the server, we add them to the local administrators group, but we really don't want them to be able to roam and explore our AD as they please, and as such, the question above arose.

Thank you!
Comment
Watch Question
CERTIFIED EXPERT
Top Expert 2013
Commented:
This problem has been solved!
Unlock 1 Answer and 1 Comment.
See Answer
Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

  • Troubleshooting
  • Research
  • Professional Opinions
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE