Highlighted
alex087
1 Nickel

Hide Active Directory users

Hello!

I have Isilon with OneFS 7.0.2.8 connected with Active Directory.

Isilon have in Active directory a computer object.

The computer object see all users in Active Directory.

I need that Isilon see only users in some OU.

How I can do it?

Labels (1)
0 Kudos
7 Replies
sluetze
2 Iron

Re: Hide Active Directory users

you could deny the Access for the computer-account on the OUs the isilon shall not be able to view. As far as i remember it isn't recommended to use the deny rules when possible, since it makes the whole Thing hard to maintain.

But this is more an permission thing in AD than an isilon topic.

Rgds

-- sluetze

0 Kudos
alex087
1 Nickel

Re: Hide Active Directory users

Ok.

Thanks.

0 Kudos
alex087
1 Nickel

Re: Hide Active Directory users

For example: I have parent OU Isilon and child OU 123

1.png

When I deny List Contents permission on OU Isilon, any users can't see OU 123.

2.png


Why do OneFs see users in OU 123?

3.png

0 Kudos
sluetze
2 Iron

Re: Hide Active Directory users

because OneFS is using a computer-account to authenticate and not a user-account.

so you would have to deny the Access not for users but for the computer-account of the isilon.

if you have this requirement for the isilon only, only deny Access for the isilon - you may have weird side-effects if you deny it for all users or all Computers.

Rgds

-- sluetze

0 Kudos
alex087
1 Nickel

Re: Hide Active Directory users

When I denied access the computer account Isilon the problem persists:

1.png

2.png

0 Kudos
sluetze
2 Iron

Re: Hide Active Directory users

too bad i don't have an environment to try it on my own....

can you just deny everything for the Isilon on this OU? so we can be sure, that we have the deny on the correct setting?

0 Kudos
alex087
1 Nickel

Re: Hide Active Directory users

The problem persists

1.png

2.png


But if I deny access Isilon for 123 OU, work correct:

3.png

4.png

0 Kudos