Active Directory Lockdown to specific OUs via remote desktop?


I am starting to understand the delegation wizard in AD 2008 so thats fine but what I need help with is what would be the best practice to do the following:

Allow a security group to remote desktop to a Win2008 server that has access to AD but will only show specific Organisational Units, then lock down the server so this is all that the users can do.

E.g. remote connect to server1, then have AD/MMC load up that shows 2 OUs instead of the whole AD structure.

Any advice would be great as I am unsure where to start with this.

Who is Participating?
Krzysztof PytkoConnect With a Mentor Senior Active Directory EngineerCommented:
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.