
Best way to hide OUs etc from AD browsers?

watts3000

Senior member

What is the best method to disable the ability for users to see certain OUs in AD if they browse the directory?

For example I don't want users to be able to see the "Domain Controllers" OU when they browse.

Removing "auth users" read access from the OU does the trick but this has unwanted interactions with GPOs.
 
I believe if you go into the advanced options and deny "list" capabilities it will do what you are looking to accomplish. Keep in mind that no matter how you set the permissions you should really be doing this to a specific group and not "authenticated users" since admins (you) are part of this group. This will work best if you had a specific security group that your end users are part of but your administrative personnel are not.

The other option would be to remove list permissions for "authenticated users" and "domain users" but allow list permissions for any of your security groups that you think should be able to list it.

-Spy
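
The approach suggested in the reply above (a deny on "list" for a dedicated end-user group rather than "authenticated users"), as an added PowerShell example that is not part of the original posts. It first checks that no Domain Admins member would be caught by the deny, then adds only a Deny "List contents" (`ListChildren`) entry on the OU and prints the result. The OU distinguished name, the `example.com` domain and the group name `Restricted-Browse-Users` are assumptions made for illustration.

```powershell
# Added example; requires the RSAT ActiveDirectory module and rights to edit the OU's ACL.
Import-Module ActiveDirectory

$ouDn      = 'OU=Domain Controllers,DC=example,DC=com'   # constructed DN (assumption)
$groupName = 'Restricted-Browse-Users'                   # hypothetical end-user group

$group = Get-ADGroup -Identity $groupName

# Guard: a Deny entry beats any Allow, so stop if an admin is (transitively) in the group.
$targets = @((Get-ADGroupMember -Identity $group -Recursive).SID.Value)
$admins  = @((Get-ADGroupMember -Identity 'Domain Admins' -Recursive).SID.Value)
$overlap = $admins | Where-Object { $_ -and ($targets -contains $_) }
if ($overlap) {
    throw "Domain Admins members are in ${groupName}: $($overlap -join ', ')"
}

# Build a Deny ACE for "List contents" only, on this OU object only (no inheritance).
# The group's other rights on the OU are left as they are.
$rule = New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
    $group.SID,
    [System.DirectoryServices.ActiveDirectoryRights]::ListChildren,
    [System.Security.AccessControl.AccessControlType]::Deny,
    [System.DirectoryServices.ActiveDirectorySecurityInheritance]::None)

# Read the current ACL through the AD: drive, append the rule, write it back.
$acl = Get-Acl -Path "AD:\$ouDn"
$acl.AddAccessRule($rule)
Set-Acl -Path "AD:\$ouDn" -AclObject $acl

# Verify: show the explicit Deny entries now present for the group.
(Get-Acl -Path "AD:\$ouDn").Access |
    Where-Object { $_.AccessControlType -eq 'Deny' -and
                   $_.IdentityReference -like "*\$groupName" } |
    Format-Table IdentityReference, ActiveDirectoryRights, AccessControlType, IsInherited
```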
 
So...if you learn how to use Active Directory do you automatically learn what the acronyms mean? 🙂 I had to guess to even figure out AD initially.
 
Originally posted by: Lord Evermore
So...if you learn how to use Active Directory do you automatically learn what the acronyms mean? 🙂 I had to guess to even figure out AD initially.
It gets really hard to spell everything out all the time, but here is a quick legend for you. 😀

AD=Active Directory (Windows 2000 Replacement for the NT4 Domain)
OU=Organizational Unit (basically you can think of this as a sub-directory of the AD)
DC=Domain Controller
PDC=Primary Domain Controller
OM=Operations Master

And that's just to get you started, there are plenty more acronyms and it gets really fun when you start talking about the forests


-Spy
 
One of the big things Novell got right that MS doesn't seem to be able to implement. The fact that if you don't have rights to list a directory's contents, you don't see the directory at all in the parent listing, in Novell's world it works both in NDS and in the filesystem.
 
Originally posted by: Nothinman
One of the big things Novell got right that MS doesn't seem to be able to implement. The fact that if you don't have rights to list a directory's contents, you don't see the directory at all in the parent listing, in Novell's world it works both in NDS and in the filesystem.
I agree, it would have been nice if they could have gotten that right.

I would assume that with Longhorn they will have their Directory listing vastly improved or otherwise thanks to the new filesystem, but at this point it's kind of hard to speculate.

-Spy
 
I would assume that with Longhorn they will have their Directory listing vastly improved or otherwise thanks to the new filesystem, but at this point it's kind of hard to speculate.

I doubt the filesystem has anything to do with the lack of whatever you call that 'feature' mentioned above. I read somewhere that MS never did it because it was too resource intensive, which I can't understand since Novell has been doing it just as fast as normal operations at least since NetWare 4.x when NDS was introduced, I'm not sure if 3.x has the directory hiding feature or not.
 