CodeTwo Base.title

Limit the visibility of AD object for desired users

Problem:

You want to limit the visibility of a particular Active Directory object (e.g. Organizational Unit) for desired users only. Such configuration may be helpful especially for environments including tenants.

Solution:

To hide specific object you need to apply necessary changes directly in the Active Directory, as every CodeTwo product uses native Active Directory pickers.

Consider the following scenario: you have a user Miami Admin who is an administrator of your company's branch in Miami. Miami Admin belongs to the Organizational Unit named Miami, which is a separate OU for Miami office staff. This particular user is able to browse through its own OU, but the Users OU (which holds accounts of your head office users) should be inaccessible for him/her.

To achieve such configuration, please follow all steps described below:

  1. Open the Active Directory Users and Computers (you may simply run the dsa.msc command).
  2. Enable the Advanced Features from the View menu.
  3. Navigate to the AD object you want to hide (in that case - Users) and right mouse button click on it to open its Properties (Fig. 1.).


    Active Directory object properties
    Fig. 1. Opening Properties of a particular AD object.

  4. In the Properties window, switch to the tab named Security.
  5. Add the Miami Admin user to the security list.
  6. Set the Full access to Deny. This will set all other permissions as denied. (Fig. 2.).

AD object properties
Fig. 2. Denying all permissions for Miami Admin account.

From now, the user Miami Admin will neither be able to browse the Users OU nor to select any users which are its members.  

See also:

Our Clients:
Unicef
Facebook
Shell
T-Systems
Loreal
Casio
UPS Israel
Oford University
Mitsubishi Motors
Toshiba TEC UK Imaging Systems Ltd
Illinois Institute of Technology
MAN Diesel
McDonalds India
Skoda Auto
Bank of Israel
Fujifilm
China Mobile
Santander
Samsung SDI
Skanska
Generali
Telmex
Toyota Tsusho
BECHTEL
Ricoh
BAE SYSTEMS
Federação Portuguesa de Futebol
Credit Agricole
HYUNDAI
Rothschild
Toyota Boshoku
Oriflame Romania
ING
Ikea
Nordea

Partners, certificates & awards