question

wenbin avatar image
0 Votes"
wenbin asked GaryReynolds answered

stop nomal domain user query AD server USER & computer

Every Domain user can query the AD server accounts and
computers by "dsquery user & dsquery computer".

So is there any method to stopping the users access this data.
but the special user can.

Thanks

windows-server-2012
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

GaryReynolds avatar image
0 Votes"
GaryReynolds answered

Hi @wenbin

It's the default behaviour for AD to allow authenticated user to be able to query the AD. Blocking users from reading the attributes of objects in the AD could break existing functionality. Have a look at the answers to this question, which does cover how to restrict access to specific groups.

https://docs.microsoft.com/en-us/answers/questions/707421/ad-search-privileged-groups.html

Gary.

5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.