list mode won't help you for hiding a specific link from a group's membership list.
You'll also have to worry about many other permissions to use list-mode effectivly.
E.g. Authenticated Users by default has explicit Read-Permissions on every OU and on
every object contained within. So denying permissions from the top via inheritance
won't do the trick, as these have lower priority than explicit allows (and the
list-permission is part of the default READ permission).
A good reason for using the LIST permission is to completely hide an OU from the UI -
mainly useful in hosting environments (so that company one, can't see any existance of
company 2 in the admin UI or in the GAL, the latter requiring some extra work on
Exchange Address book configurations).
But it's not really useful for hiding single objects. And if you're not worried about
the OU object being visible, then you might as well just remove the READ permissions
for Authenticated Users from it (and any other sub-OU) = your users will then not be
able to browse or search the OU.
However, it's generally a good idea NOT to put your ADMIN accounts into the same OU as
your normal accounts. You're best off with a DUAL-account model = put the normal
accounts (JoeRich) that your admins use for mail etc. into your general OU for users,
and put the admin account for the same user (ADM.JoeRich) into a different OU
outside of the scope of delegation for your normal OU.
The same is true for groups - once you have implemented a dual-accounts structure,
you'll usually not have a reason to add any Admin account to a group containing
normal users. As such you don't need to hide them eather = you'll just hide the
whole OU that contains the admin accounts and the admin groups...
/Guido
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mike Baudino
Sent: Donnerstag, 20. Mai 2004 23:48
To: [EMAIL PROTECTED]
Subject: Re: AW: [ActiveDir] hidding users
AD list mode is interesting enough that we're going to look into it as
well. We're also looking into the link below as a way to accomplish this.
At this point we haven't tested either so I don't really know yet whether
they fill your need (or ours, for that matter).
Mike
http://searchwin2000.techtarget.com/tip/0,289483,sid1_gci962436,00.html?track=NL-23ad=481969
Ulf B. Simon-Weidner
[EMAIL PROTECTED] To: [EMAIL PROTECTED]
Sent by:cc:
[EMAIL PROTECTED] Subject: AW: [ActiveDir] hidding users
tivedir.org
05/20/2004 04:34 PM
Please respond to
ActiveDir
Maybe the AD List Mode will be an option for you:
http://www.chrisse.se/MAQB.asp?ID=34
Ulf
-Ursprüngliche Nachricht-
Von: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Im Auftrag von Kern, Tom
Gesendet: Donnerstag, 20. Mai 2004 20:00
An: ActiveDir (E-mail)
Betreff: [ActiveDir] hidding users
is there an attribute i can set in adsiedit,ldp,etc to hide a user from
appearing in the usual admin gui utlilties like aduc?
also when you look in group memebership, to not have s(he) appear there as
well?
thanls
List info : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
*** PLEASE NOTE ***
This E