Limit AD Searches

Hi Experts,

Hoping you can help? I want to be able to delegate some permissions to users to manage groups/reset passwords etc

The following article really helped me come up with a way, by using rundll32 dsquery,OpenQueryWindow and publishing it via citrix

https://serverfault.com/questions/683152/how-to-let-non-admins-manage-selected-domain-groups-membership

However, the only problem thus far is it seems to show too much information. Namely, they can also see service accounts and computer names (things of no relevance to them)

Is their a way to restrict this so they can only see groups and users, either through AD permissions or another tool?

Kind Regards
LVL 4
Graham HirstIT EngineerAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

timgreen7077Exchange EngineerCommented:
No, if they have ADUC then they will be able to see those objects, but they will not have permissions to edit or modify them. only the permissions you allocated.
0
Shaun VermaakTechnical SpecialistCommented:
No, the easiest is to get a tool that only exposes certain functions. The same concept of a password reset tool that only shows what is required to reset a password. Get/develop a tool that only shows what is required. Remember AD is a directory service and it is doing exactly what it is supposed to.
https://www.experts-exchange.com/articles/30866/Active-Directory-Password-Reset-Tool.html
0
Graham HirstIT EngineerAuthor Commented:
I've found a few tools that seem to tick the box

http://www.cjwdev.co.uk/Software/GroupMan/Info.html
http://www.tomsitpro.com/articles/active-directory-security-group-management,2-816.html

Does any one have any others or any experience with them?
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Sam BloomCommented:
Check out this one. It's a 3rd party tool that has a web interface. You can customize it to delegate various tasks to users and also limit, which parts of AD they can see: https://www.adaxes.com/tutorials_DelegatingPermissions_HideADObjectsFromUsers.htm
1
timgreen7077Exchange EngineerCommented:
Closing ticket and assigning points and selected author's response as best answer since author found a tool that helps, but experts also gave options.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows OS

From novice to tech pro — start learning today.