Hello,

I would like to know how to secure access to the objects' information.

By default, each user has read-only rights on all AD objects. For example, with an AD explorer, it is possible to get the sAMAccountName of the builtin administrator, or any other information. By this way, it is "easy" to bruteforce this account or get other confidential information.

So my question is : how to secure the attributes of all my users without affect the applications which used the AD. I don't want the users can get information because, to me, it is like data loss.

I saw "searchflags", but I think it could be complicated.

Thanks