Hiding Users in AD

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

From: "-Steve-" <newsgroups@xxxxxxxxxxxxxxx>
Date: Thu, 23 Mar 2006 15:15:14 -0800

I work for a college and one of my requirments is to keep anyone except
those with administrative rights in AD from being able to view student
accounts. The most obvious way to search for a user is with the windows
address book of course.

All the students live in the same OU. If I simply go to an account, remove
the Authenticated Users from the ACL's, then I get the desired results.

Here's my questions:

1. Is there a better way to do this than a nightly script that goes through
all the accounts in the students OU and remove the Authenticated Users from
the ACL's? (remeber I don't want this behaviour to happen to Faculty/Staff)

2. Are there other side affects that I'm not aware of?

Steve

.

Follow-Ups:
- Re: Hiding Users in AD
  - From: Bill

Prev by Date: RE: Upgrading from Win2000 domains to Win2003 domains: ROLL BACK !
Next by Date: Re: Universal Group Caching
Previous by thread: RE: Security Logs
Next by thread: Re: Hiding Users in AD
Index(es):
- Date
- Thread

Relevant Pages

Re: Using existing attribute vs creating new one for student ID number
... for Lansing Public Schools for 16,000+ students. ... the schema extension was the only real option and it worked well. ... tools that specifically interact with the user class. ... accounts in synch with the AS/400 accounts required the extension so I ...
(microsoft.public.win2000.active_directory)
Going A-Okay - CFI Training Continued
... the newsgroup is really aimed at the Private/Commercial/Instrument students. ... Let me know of course if any of you think I SHOULD post the CFI training ... accounts here and I'll resume posting them here - in the meantime I'm just ... Check out my personal flying adventures from my first flight to the ...
(rec.aviation.student)
Re: Risk of issuing default password for my students
... The answer to your teachers should be resounding "No". ... What they're proposing is extremely dangerous because not only would ... > I have about 3,000 student accounts in my organization. ... From there students must change passwords at first logon. ...
(microsoft.public.security)
Re: Using existing attribute vs creating new one for student ID number
... user objects have the attribute employeeID that you can use. ... If you have students with duplicate first and last names, ... the schema extension was the only real option and it worked well. ... accounts in synch with the AS/400 accounts required the extension so I ...
(microsoft.public.win2000.active_directory)
Re: Script help
... Network administration is always a ... If these are, in fact, writing lab computers, and students have their files ... shared on a server somewhere on campus, then yes, individual accounts are ... >> need the script, just log on the account and add the printer, followed by ...
(microsoft.public.windows.server.scripting)