Hiding user information in Active Directory

I have a complex issue I need help resolving.  I have multi-domain organization with an account domain that has all the users (30,000) within that domain.  A 3rd party company is requesting we place a r/w DC in their data-center to access a Citrix application.  The problem is that this domain consists of multiple law enforcement agencies and we need to hide personal data not allowing non-law enforcement to be able to view their personal information.  The law enforcement personnel are very concerned with non-law enforcement having access to personal data.  I need to get this done in the most efficient way.

If you need more information please let me know.
Jim WobigSr. Network/Systems AnaylistAsked:
Who is Participating?
Mike KlineConnect With a Mentor Commented:
That is fine, you can hide with r/w DCs too.  Guido (DS MVP) has a great series on this


Other three parts are also there.  Again same as before...test test test.  


Mike KlineCommented:
Definitely a complex issue and understandable request.    You can take advantage of the Filtered Attribute Set with the RODC.   You will need to make sure to test this and make sure you are filtering exactly what you want.  You can search for RODC and Filtered Attribute Set but some decent links:





Jim WobigSr. Network/Systems AnaylistAuthor Commented:
Thanks for the response Mike.  The company that is hosting the Citrix application is telling us RODC is not an option.  They also wont let us authenticate over the WAN and claim that it causes them to reboot their servers daily.

Thanks again,

David Johnson, CD, MVPOwnerCommented:
Then obviously this 3rd party is not for your organization, either do it in house or find someone else.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.