Configuring Active Directory rights
hello,
we using hosted active directory in have configured our active directory no users can see each other in different ou's.
this works fine, have configured users aren't able see other default ou's , objects.
this works fine except when deny list object rights on top domain, when user unable logon.
does know how can solve behavior?
if need more information, please let me know.
regards,
remco
<o:p></o:p>
cheers,<o:p></o:p>
(hopefully information helps you!)
jorge de almeida pinto | mvp identity & access - directory services
-------------------------------------------------------------------------------------------------------
* posting provided "as is" no warranties , confers no rights!
* evaluate/test before using/implementing this!
* disclaimer: http://jorgequestforknowledge.wordpress.com/disclaimer/
-------------------------------------------------------------------------------------------------------
################# jorge's quest knowledge ###############
###### blog url: http://jorgequestforknowledge.wordpress.com/ #####
#### rss feed url: http://jorgequestforknowledge.wordpress.com/feed/ ####
-------------------------------------------------------------------------------------------------------<o:p></o:p>
we have given customers delegate control change passwords etc. because of this, have access active directory.
we saw able see other ou's, group membership etc. using default rights on groups.
now have taken read rights specific groups , list object & list content rights default object. gives no problems, unless block list object rights on top domain level.
so wondering if hide objects users can see own ou , nothing of default ou , customers ou.
you're right hiding default ou's not necessary think it's nicer , more user friendly this.
jorge de almeida pinto [mvp-ds] (http://jorgequestforknowledge.wordpress.com/)
Windows Server > Directory Services
Comments
Post a Comment