Solved

Active Directory groups permissions quesion

Posted on 2012-03-12
7
211 Views
Last Modified: 2012-06-16
Is there a way to prevent one Security Group-A to be added to any other Groups? During the new Group creation process, all new groups are made "member of' the that Group-A.  Where we can potentially get into some big trouble is when the members exposed to othe databases to all other users on the system.  Is it possile to structure AD in some way so that Group-A can *never* be included under the other group's tab?
0
Comment
Question by:Tiras25
  • 2
7 Comments
 
LVL 7

Accepted Solution

by:
hirenvmajithiya earned 250 total points
ID: 37713055
As far as I know, you cannot prevent showing the group you created, because of its attribute as group.
0
 
LVL 17

Author Comment

by:Tiras25
ID: 37716159
Is there any way to prevent the Group to be added as a member of other Group?
Don’t really want to hide it, but my gut says there is something to prevent it from being part of another group.  Maybe through AD Object permissions?
0
 
LVL 17

Author Comment

by:Tiras25
ID: 37745610
Hmm, I noticed EE slow down a lot.  Do you think its on the way down?
0
 
LVL 1

Assisted Solution

by:Columbia Energy
Columbia Energy earned 250 total points
ID: 37825659
The short answer to the question is no.

Active Directory does not really play nice when it comes to modifying its object permissions.  In my experience with such, AD just resets the permissions back to default.  While I'm sure there's a way to achieve what you seek, it's likely not recommended.

With proper Active Directory structure and administrative controls, you should not need to prevent one group from being placed into another.  If Group-A is encompassing of all users on the domain, consider changing that practice.  One should always use a security model that is least permissive.  This may yield a ton of security groups, but that headache is worth having as opposed to someone with access to stuff they shouldn't.
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This script can help you clean up your user profile database by comparing profiles to Active Directory users in a particular OU, and removing the profiles that don't match.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now