rights to give permissions on ntfs folder but not allowed to see whole AD structure


  • We have a forest and domain and different ou's.

    A user is located at forest/domain/ou/ou1. He has a mapped drive to a server where he has his folders. Now he can choose properties on those folders and add some users. BUT he sees all users. Also the users who are located in forest/domain/ou/ou2 or forest/domain/ou, ....

    i like to know if it is possible to give him the rights to add permissions on the folder for users from his ou1 and only from his ou1. In such a way that he does not see the users of the other ou's.

    Kind regards,


    Thursday, May 17, 2018 12:48 PM


  • Hi,

    For your needs, we could assign deny permission on other folders for the user.

    Best Regards,


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact

    • Marked as answer by IRCKurt Tuesday, May 22, 2018 6:54 AM
    Friday, May 18, 2018 12:58 PM