Re: Controlling object visibility


Put AD into ListObject mode by setting the 3rd char of dsHeuristics to 1.
Remove ListContents from DivisionX.
Add ListObject to DivisionX
Add ListObject to Users
Don't add ListObject to Admins.

This should hide Admins but not Users. Note that in order to see an object in
LO mode, you need LO on both the parent and the object itself.

Examine default ACEs in the subtree for any unneeded LC. Note that explicit
ACEs come before inherited ones.

--
Dmitri Gavrilov
SDE, DS Admin eXperience

This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm

"NickvW" <me@xxxxxxxxxxx> wrote in message
news:ePMZweOcFHA.132@xxxxxxxxxxxxxxxxxxxxxxx
>I am using Server 2003 with SP1 configured as a Domain Controller.
>
> I am trying to administer the Active Directory from a Windows XP
> Professional with SP2 machine.
>
> I have a parent OU 'DivisionX'.
>
> I have two child OUs 'Users' and 'Admins'.
>
> How do I hide the Admins OU from Authenticated Users when they browse the
> directory with the Active Directory Users and Computers snapin?
>
> Removing Authenticated Users from the DACL on the Admins OU doesn't work;
> there is still an object of type 'Unknown' visible through the snapin.
>
> I have tried enabling the List Object permission, and various combinations
> of List Contents, List Object and Read All Properties but cannot seem to
> get rid of the 'Unknown' reference.
>
> Any ideas please?
>
> Nick
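
The visibility rule from the reply above, as an added example that is not part of the original posts: a simplified Python model of how ListContents (LC) and ListObject (LO) decide whether a child OU is listed. The ACL layout, the `"001"` dsHeuristics value and all function names are constructed for illustration; only the object and its parent are checked.

```python
LC, LO = "ListContents", "ListObject"
AU = "Authenticated Users"

# Constructed sample tree from the thread: child DN -> parent DN.
PARENT = {"OU=Users,OU=DivisionX": "OU=DivisionX",
          "OU=Admins,OU=DivisionX": "OU=DivisionX"}

def list_object_mode(ds_heuristics):
    """True when the 3rd character of dsHeuristics is '1'."""
    return len(ds_heuristics or "") >= 3 and ds_heuristics[2] == "1"

def granted(acl, groups, right):
    """ACEs are checked in stored order (explicit first); first match decides."""
    for ace_type, trustee, rights in acl:
        if trustee in groups and right in rights:
            return ace_type == "allow"
    return False

def visible(acls, dn, groups, ds_heuristics):
    parent = PARENT[dn]
    if granted(acls[parent], groups, LC):      # LC on parent lists every child
        return True
    if not list_object_mode(ds_heuristics):    # LO is ignored outside LO mode
        return False
    return granted(acls[parent], groups, LO) and granted(acls[dn], groups, LO)

def report(acls, ds_heuristics, groups=frozenset({AU})):
    return {dn: visible(acls, dn, groups, ds_heuristics) for dn in PARENT}

# Asker's attempt: AU removed from Admins, but LC still present on DivisionX.
BEFORE = {"OU=DivisionX": [("allow", AU, {LC})],
          "OU=Users,OU=DivisionX": [("allow", AU, {LC})],
          "OU=Admins,OU=DivisionX": []}
# Steps from the reply: LC removed from DivisionX, LO on DivisionX and Users only.
AFTER = {"OU=DivisionX": [("allow", AU, {LO})],
         "OU=Users,OU=DivisionX": [("allow", AU, {LO})],
         "OU=Admins,OU=DivisionX": []}
# A leftover inherited LC ACE on DivisionX, listed after the explicit ACE.
LEFTOVER = {**AFTER, "OU=DivisionX": AFTER["OU=DivisionX"] + [("allow", AU, {LC})]}

if __name__ == "__main__":
    for name, acls, dsh in [("before", BEFORE, ""), ("after", AFTER, "001"),
                            ("after, LO mode off", AFTER, ""),
                            ("leftover LC", LEFTOVER, "001")]:
        print(name, report(acls, dsh))
```

The "before" case lists Admins even with an empty DACL, which matches the 'Unknown' object in the question; the "leftover LC" case shows why stray LC ACEs in the subtree undo the change.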
