I did something like that in my environment. Basically, I put all the users in an OU into a group, and allowed only that group, plus various pertinent admin groups, to read/list resources. It works well enough, but can take time to get it all down. For a real large environment, it may not be the best solution.
> -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Lou Vega > Sent: Thursday, May 20, 2004 1:30 PM > To: [EMAIL PROTECTED] > Subject: RE: [ActiveDir] hidding users > > > Not sure about an attribute, but shouldn't you be able to set > the security permissions on the user(s) in question with a > DENY ALL for whichever group or user you are trying to keep > out? At the very least the object will show up but will show > up as UNKNOWN and the person with the DENY ALL access to it > will be unable to view/modify anything further with it. > > Of course this may not be the best approach - I'm sure that > will come out as the others on this list chime in :) > > r/ > Lou > > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Kern, Tom > Sent: Thursday, May 20, 2004 2:00 PM > To: ActiveDir (E-mail) > Subject: [ActiveDir] hidding users > > is there an attribute i can set in adsiedit,ldp,etc to hide a > user from appearing in the usual admin gui utlilties like > aduc? also when you look in group memebership, to not have > s(he) appear there as well? thanls > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%> 40mail.activedir.org/ > > > List info : > http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%> 40mail.activedir.org/ > List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
