list mode won't help you for hiding a specific link from a group's membership list. You'll also have to worry about many other permissions to use list-mode effectivly.
E.g. Authenticated Users by default has explicit Read-Permissions on every OU and on every object contained within. So denying permissions "from the top" via inheritance won't do the trick, as these have lower priority than explicit allows (and the list-permission is part of the default READ permission). A good reason for using the LIST permission is to completely hide an OU from the UI - mainly useful in hosting environments (so that company one, can't see any existance of company 2 in the admin UI or in the GAL, the latter requiring some extra work on Exchange Address book configurations). But it's not really useful for hiding single objects. And if you're not worried about the OU object being visible, then you might as well just remove the READ permissions for Authenticated Users from it (and any other sub-OU) => your users will then not be able to browse or search the OU. However, it's generally a good idea NOT to put your ADMIN accounts into the same OU as your normal accounts. You're best off with a DUAL-account model => put the "normal" accounts (JoeRich) that your admins use for mail etc. into your general OU for users, and put the "admin" account for the same user (ADM.JoeRich) into a different OU outside of the scope of delegation for your "normal" OU. The same is true for groups - once you have implemented a dual-accounts structure, you'll usually not have a reason to add any Admin account to a group containing "normal" users. As such you don't need to hide them eather => you'll just hide the whole OU that contains the admin accounts and the admin groups... /Guido -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mike Baudino Sent: Donnerstag, 20. Mai 2004 23:48 To: [EMAIL PROTECTED] Subject: Re: AW: [ActiveDir] hidding users AD list mode is interesting enough that we're going to look into it as well. We're also looking into the link below as a way to accomplish this. At this point we haven't tested either so I don't really know yet whether they fill your need (or ours, for that matter). Mike http://searchwin2000.techtarget.com/tip/0,289483,sid1_gci962436,00.html?track=NL-23&ad=481969 "Ulf B. Simon-Weidner" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent by: cc: [EMAIL PROTECTED] Subject: AW: [ActiveDir] hidding users tivedir.org 05/20/2004 04:34 PM Please respond to ActiveDir Maybe the AD List Mode will be an option for you: http://www.chrisse.se/MAQB.asp?ID=34 Ulf -----Ursprüngliche Nachricht----- Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Im Auftrag von Kern, Tom Gesendet: Donnerstag, 20. Mai 2004 20:00 An: ActiveDir (E-mail) Betreff: [ActiveDir] hidding users is there an attribute i can set in adsiedit,ldp,etc to hide a user from appearing in the usual admin gui utlilties like aduc? also when you look in group memebership, to not have s(he) appear there as well? thanls List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ ******************* PLEASE NOTE ******************* This E-Mail/telefax message and any documents accompanying this transmission may contain privileged and/or confidential information and is intended solely for the addressee(s) named above. If you are not the intended addressee/recipient, you are hereby notified that any use of, disclosure, copying, distribution, or reliance on the contents of this E-Mail/telefax information is strictly prohibited and may result in legal action against you. Please reply to the sender advising of the error in transmission and immediately delete/destroy the message and any accompanying documents. Thank you. List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
