• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 364
  • Last Modified:

Windwos 2003 Delegate Control

Hi,

Is it possible to hide the OUs from a group that I have delegated control to only 1 OU.  So far the user can see all OUs but they are restricted from making changes
0
thomasm1948
Asked:
thomasm1948
1 Solution
 
KCTSCommented:
Create a custom console or taskpad for them and make them use that rather than ADUC.

http://www.petri.co.il/create_taskpads_for_ad_operations.htm
0
 
MaheshArchitectCommented:
What you are trying to do is simply not required \ possible because access based enumeration feature is not enabled \ available with ADUC as far as I know.

Every domain user is authenticated user and if he logon to management workstation \ DC, he can view all AD OUs \ containers and all underneath objects, this is by default right granted by AD.
But it not means that every user get any write permissions in AD
The standard users get only read rights through out entire domain
That is why you need to delegate OU control to your OU admins in order to get rights to modify \ make changes

However if you want, You can restrict delegated users from viewing unnecessary OUs. You need to do that per OU basis and from OU properties \ security properties
All you need to do is to provide deny read permissions to delegated users \ groups on respective OU
Now when users will logon to ADUC, they can't able to locate OU in ADUC, instead they will look root OU object as unknown object in right hand side pen \ explorer area in active directory
if you have 100s of OU, then you can't \ don't want to do this manually as there is no automation \ software out there to do this task

Again you can't block users on domain root container and allow them specific OU because as soon as you block them at root level, they will simply fail to open ADUC

The best way I can see is to just delegate them on their specific OU with required rights

Mahesh.
0
 
thomasm1948Author Commented:
Thank you, that worked
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now