Shortcut to Active Directory Users and Computers - Limit view to own OU

Posted on 2012-09-17
Medium Priority
Last Modified: 2012-09-17
What the command line option is to create a shortcut to ADUC, so the a particular OU only has only have visibility to their OU? We do not want them to see other non OU User objects, when they access the ADUC via this shortcut.

What permissions do they need to be provided at the User OU level, so they can only "reset" and unlock" their users at the OU level. We don’t want them to be able to rename or delete objects.
Question by:JonBSS
LVL 57

Accepted Solution

Mike Kline earned 1000 total points
ID: 38405345
You can create a taskpad view for them   http://social.technet.microsoft.com/wiki/contents/articles/2816.how-to-create-custom-mmc-and-add-taskpad.aspx

I actually wish this feature would be improved.

In the delegation control wizard or ACL on the OU you can get granular on permissions.  

There is the  "reset user passwords and force password change at next logo" using the delegation control wizard



Author Comment

ID: 38405396
Thanks Mike, I've created the Task View, how do I create a shortcut to it?

Edit: Never mind.. I was over thinking it

Right Click > New Window From here > Save the MMC with the Task view created in a new window

Featured Post

Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
High user turnover can cause old/redundant user data to consume valuable space. UserResourceCleanup was developed to address this by automatically deleting user folders when the user account is deleted.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…
Suggested Courses

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question