Hiding an OU from AD query


Blake

Best practices say you should create an admin-level ID for each domain
admin (rather than each admin using the same, shared ID).

Problem is, this ID shows up in a START - SEARCH FOR PEOPLE query. Is there
a quick/painless way to hide the Users OU from a desktop AD query run by a
standard Domain User?

Thanks
Blake
 
Blake said:
Best practices say you should create an admin-level ID for each domain
admin (rather than each admin using the same, shared ID).

Problem is, this ID shows up in a START - SEARCH FOR PEOPLE query. Is
there a quick/painless way to hide the Users OU from a desktop AD query
run by a standard Domain User?

Move those special user accounts to their own ID and only grant
READ to Admins? (Should work but I haven't gone and tested it.)
 
I did a couple of tests on a DC in a virtual machine and it seems that it is
working (removed Auth Users, Pre Windows 2000 groups from the OU's ACL).

--
Regards,
Andrei Ungureanu
www.eventid.net
Test our new EventReader!
http://www.altairtech.ca/eventreader/default2.asp?ref=au
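
One way to script the ACL change described in the post above, as an added example that is not part of the original thread. The OU name and backup file path are hypothetical; it assumes the ActiveDirectory PowerShell module (RSAT) and an account allowed to change the OU's permissions.

```powershell
# Added example: remove broad read access from a dedicated admin-account OU.
# Assumptions: the OU DN and backup path below are hypothetical placeholders.
Import-Module ActiveDirectory

$ouDn = 'OU=AdminAccounts,DC=example,DC=com'
$path = "AD:\$ouDn"

# Well-known SIDs (language-independent, unlike the group names):
#   S-1-5-11     = Authenticated Users
#   S-1-5-32-554 = Pre-Windows 2000 Compatible Access
$broadSids = 'S-1-5-11', 'S-1-5-32-554'
$sidType   = [System.Security.Principal.SecurityIdentifier]

$acl = Get-Acl -Path $path

# Keep a copy of the current security descriptor so the change can be reverted.
$acl.Sddl | Out-File -FilePath '.\AdminAccounts-ou-acl-backup.sddl.txt'

# Inherited ACEs cannot be removed one by one. Stop inheriting from the parent
# and keep copies of the inherited entries as explicit ACEs, then prune those.
$acl.SetAccessRuleProtection($true, $true)
Set-Acl -Path $path -AclObject $acl
$acl = Get-Acl -Path $path

foreach ($sid in $broadSids) {
    $identity = New-Object System.Security.Principal.SecurityIdentifier($sid)
    $acl.PurgeAccessRules($identity)   # drops every ACE for this identity
}
Set-Acl -Path $path -AclObject $acl

# Verify: list any ACE on the OU that still names one of the broad groups.
$left = (Get-Acl -Path $path).GetAccessRules($true, $true, $sidType) |
    Where-Object { $broadSids -contains $_.IdentityReference.Value }

if ($left) {
    $left | Format-Table IdentityReference, ActiveDirectoryRights, IsInherited
} else {
    Write-Output "No ACEs remain for Authenticated Users or Pre-Windows 2000 Compatible Access on $ouDn"
}
```

Repeat the directory search from a workstation as a standard Domain User afterwards to confirm the accounts in that OU no longer appear.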

 
Cool

I'll try it

Blake

 