This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(291.2, 23%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
How to restrict general domain users to query domain information
After the user joins the computer into the domain, after logging in, the user can obtain the information of users or groups in the domain through LDAP commands or PowerShell commands. How to restrict ordinary users to obtain such information.
Hi @ABDXJ
Have a look at these previous questions, which were trying to achieve same thing.
https://learn.microsoft.com/en-us/answers/questions/707421/ad-search-privileged-groups.html
I would also suggestion having a look at this article on restricting who can join machines to the domain:
Just checking if there is any update or progress on this one?
Gary.
