You would have to script this but I wouldn't do this. If you move a user
then you might have to go and corredct permissions, etc... There should be
nothing wrong with a user being able to read other user objects.
--
Paul Bergson
MVP - Directory Services
MCITP - Enterprise Administrator
MCTS, MCT, MCSE, MCSA, MCP, Security +, BS CSci
2008, Vista, 2003, 2000 (Early Achiever), NT4
Microsoft's Thrive IT Pro of the Month - June 2009
http://www.pbbergs.com Twitter - @pbbergs
Please no e-mails, any questions should be posted in the NewGroups. This
posting is provided "AS IS" with no warranties and confers no rights.
"sureshpalani" <> wrote in message
news:...
>
> Hi There,
>
> Is there a way I can restrict user access to the OU they are in and
> restrict access to other OU's.
>
> When we create a user, they would be part of Domain users, with
> read-only access on all domain objects. I want to override this and give
> them read permission on the OU they are part of.
>
> Thanks,
> Suresh
>
>
> --
> sureshpalani
> ------------------------------------------------------------------------
> sureshpalani's Profile: http://forums.techarena.in/members/162371.htm
> View this thread: http://forums.techarena.in/active-directory/1346910.htm
>
> http://forums.techarena.in
>
Similar Threads
Linear Mode
