This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(316.8, 22%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EFR%3C/text%3E%3C/svg%3E)
Hello. I want to block GET-ADUSER from been able to show result.
I was able to block users from opening AD users and computers but it look like the permissions doesn't apply to GET-ADUSERS
How can I set that command to not show any results?
Thank you
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 94%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EIX%3C/text%3E%3C/svg%3E)
Hi,
You could send the output to null with Out-Null like
Get-ADUser ... | Out-Null
Best Regards,
Ian
============================================
If the Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Hello, sorry, that is not what I mean.
I don't want the user to be able to pull any information at all.
If the user run, for example, Get-ADUSER -Filter * , that it failed to run.
I was able to prevent the access to that through Active Directory Users and Computer but it doesn't prevent a user from getting information through Powershell.
Thank you
You can remove the ActiveDirectory packet via the PowerShell
On Windows 10 1809 and newer:
Remove-WindowsCapability -online -Name "Rsat.ActiveDirectory.DS-LDS.Tools~~~~0.0.1.0"
Then restart your pc.
Hello, I tough of that but if the user is local administrator of the device he can then re-install them :S
I know it sound off. It's for a DMZ environment that will have a domain but we don't want vendor to be able to have any capability of pulling information from the DMZ.
I have already block/prevent access to most RSAT gui tool. Now i'm trying to block the command (powershell).
Thank you
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(208, 38%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ET%3C/text%3E%3C/svg%3E)
This won't be a full answer but may get you started...
Exchange Server has had "Role Based Access Control", RBAC, for some time, which allows granular control of Exchange cmdlets. (I know, not what you are looking for.)
I came across this,
https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/permissions-in-the-security-and-compliance-center?view=o365-worldwide
Which sounds similar, but seems to be limited to O365, again, not exactly what you are looking for.
My next best suggestion is to restrict the AD module. Do your users require access to other AD module cmdlets?
Hello, we don't have exchange servers in our DMZ environment and neither using Office 365 so that will not apply.
I have restricted AD module MMC but for the CMDLETS that is what I'm trying to figured out.
Thakn you