What is the best method to disable the ability for users to see certain OU's in AD if they browse the directory?
For example I dont want users to be able to see the "Domain Controllers" OU when they browse.
Removing "auth users" read access from the OU does the trick but this has unwanted interactions with GPO's.