Solved

Hiding user information in Active Directory

Posted on 2014-10-07
Last Modified: 2014-10-14
I have a complex issue I need help resolving. I have a multi-domain organization with an account domain that has all the users (30,000) within that domain. A 3rd party company is requesting we place a r/w DC in their data center to access a Citrix application. The problem is that this domain consists of multiple law enforcement agencies, and we need to hide personal data so that non-law enforcement cannot view their personal information. The law enforcement personnel are very concerned with non-law enforcement having access to personal data. I need to get this done in the most efficient way.

If you need more information please let me know.
Question by:ITWorks
4 Comments
 
LVL 57

Expert Comment

by:Mike Kline
Definitely a complex issue and an understandable request. You can take advantage of the Filtered Attribute Set with the RODC. You will need to make sure to test this and make sure you are filtering exactly what you want. You can search for RODC and Filtered Attribute Set, but here are some decent links:

http://technet.microsoft.com/en-us/library/cc753459%28v=ws.10%29.aspx

http://www.frickelsoft.net/blog/?p=202

http://blogs.msdn.com/b/canberrapfe/archive/2011/07/08/adding-attributes-to-the-rodc-filtered-attribute-set.aspx

Thanks

Mike
0
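The "make sure you are filtering exactly what you want" check from the comment above, as an added example that is not part of the original thread: it decodes `searchFlags` on schema attribute objects and compares the RODC Filtered Attribute Set bit (0x200) against a list of attributes you intended to filter. The attribute list and sample values are constructed, the function name is hypothetical, and the extra check for the confidential bit (0x80) follows Microsoft's recommendation for filtered attributes rather than anything stated in the thread.

```powershell
# searchFlags bits on attributeSchema objects
$RODC_FILTERED = 0x200   # attribute is in the RODC Filtered Attribute Set
$CONFIDENTIAL  = 0x80    # attribute requires CONTROL_ACCESS to read

function Test-FilteredAttributeSet {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] [object[]] $SchemaAttribute,  # needs lDAPDisplayName, searchFlags
        [Parameter(Mandatory)] [string[]] $Intended          # attributes that must be filtered
    )
    $flagsByName = @{}   # hashtable keys are case-insensitive, like LDAP display names
    foreach ($a in $SchemaAttribute) {
        $flagsByName[$a.lDAPDisplayName] = [int]$a.searchFlags   # unset searchFlags becomes 0
    }
    foreach ($name in $Intended) {
        $flags = $flagsByName[$name]   # $null when the attribute is not in the schema data
        if (-not $flagsByName.ContainsKey($name)) {
            $finding = 'NotInSchema'
        } elseif (-not ($flags -band $RODC_FILTERED)) {
            $finding = 'NotFiltered'
        } elseif (-not ($flags -band $CONFIDENTIAL)) {
            $finding = 'FilteredNotConfidential'
        } else {
            $finding = 'OK'
        }
        [pscustomobject]@{ Attribute = $name; SearchFlags = $flags; Finding = $finding }
    }
    # Attributes that are filtered although nobody asked for it deserve a look too
    foreach ($name in $flagsByName.Keys) {
        if (($flagsByName[$name] -band $RODC_FILTERED) -and ($Intended -notcontains $name)) {
            [pscustomobject]@{ Attribute = $name; SearchFlags = $flagsByName[$name]
                               Finding = 'UnexpectedlyFiltered' }
        }
    }
}

# Constructed sample data. Against a live forest, replace it with:
#   $schema = Get-ADObject -SearchBase (Get-ADRootDSE).schemaNamingContext `
#       -LDAPFilter '(objectClass=attributeSchema)' -Properties lDAPDisplayName, searchFlags
$schema = @(
    [pscustomobject]@{ lDAPDisplayName = 'contosoHomeAddress'; searchFlags = 0x280 }  # filtered + confidential
    [pscustomobject]@{ lDAPDisplayName = 'mobile';             searchFlags = 0x200 }  # filtered only
    [pscustomobject]@{ lDAPDisplayName = 'homePhone';          searchFlags = 0 }      # not filtered
    [pscustomobject]@{ lDAPDisplayName = 'info';               searchFlags = 0x200 }  # filtered, not on the list
)
Test-FilteredAttributeSet -SchemaAttribute $schema `
    -Intended 'contosoHomeAddress', 'mobile', 'homePhone' | Format-Table -AutoSize
```

Any row other than `OK` is a gap between what was planned and what the schema actually enforces, so review those before a DC is placed outside your control.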
 

Author Comment

by:ITWorks
Thanks for the response, Mike. The company that is hosting the Citrix application is telling us RODC is not an option. They also won't let us authenticate over the WAN and claim that it causes them to reboot their servers daily.

Thanks again,

Jim
0
 
LVL 78

Expert Comment

by:David Johnson, CD, MVP
Then obviously this 3rd party is not for your organization; either do it in-house or find someone else.
0
 
LVL 57

Accepted Solution

by:
Mike Kline earned 500 total points
That is fine; you can hide with r/w DCs too. Guido (DS MVP) has a great series on this:

http://windowsitpro.com/active-directory/hiding-active-directory-objects-and-attributes

The other three parts are also there. Again, same as before... test, test, test.

Thanks

Mike
0
