Limit AD Searches

Hi Experts,

Hoping you can help? I want to be able to delegate some permissions to users to manage groups/reset passwords etc

The following article really helped me come up with a way, by using rundll32 dsquery,OpenQueryWindow and publishing it via citrix

However, the only problem thus far is it seems to show too much information. Namely, they can also see service accounts and computer names (things of no relevance to them)

Is their a way to restrict this so they can only see groups and users, either through AD permissions or another tool?

Kind Regards
James GlenIT EngineerAsked:
Who is Participating?
James GlenIT EngineerAuthor Commented:
I've found a few tools that seem to tick the box,2-816.html

Does any one have any others or any experience with them?
timgreen7077Exchange EngineerCommented:
No, if they have ADUC then they will be able to see those objects, but they will not have permissions to edit or modify them. only the permissions you allocated.
Shaun VermaakTechnical Specialist/DeveloperCommented:
No, the easiest is to get a tool that only exposes certain functions. The same concept of a password reset tool that only shows what is required to reset a password. Get/develop a tool that only shows what is required. Remember AD is a directory service and it is doing exactly what it is supposed to.
Sam BloomCommented:
Check out this one. It's a 3rd party tool that has a web interface. You can customize it to delegate various tasks to users and also limit, which parts of AD they can see:
timgreen7077Exchange EngineerCommented:
Closing ticket and assigning points and selected author's response as best answer since author found a tool that helps, but experts also gave options.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.