Hiding Values of Active Directory Attributes

Hiding Values of Active Directory Attributes

System administrators may want to hide some attributes in the active directory.

You must be a domain, schema and enterprise admin to do these operations.

 

Instructions to hide an attribute in the active directory;

Open the ADSI edit and do as shown below,    

Connect to…

 

Select the Schema from “Select a well known Naming Context”

 

We want to hide the Employee-Number attribute in ADSI Edit.

Default value of “Employee-Number” attribute is = 0

 

It is necessary to update “searchFlags” to 128.

 

Apply.

 

After operations are done in ADSI Edit, the whole domain controller must be replicated to each other.

Required Command :     “Repadmin /syncall /Aped“     

 

If we check the user with the domain admin account in the active directory, the employee Number can be displayed.

 

The attribute is hidden if any user other than the domain admin checks their AD attributes.

Required Command to check attribute;

“Get-ADUser -Identity ygokkaya -Properties employeeNumber

 

See you in the next articles..

 

Share With