I have a situation where my company is going to use an application (across a dedicated WAN link) located at another company's site. The two companies are joined by a dedicated WAN link that is not Internet facing. When a user in my company accesses the application (Web based), they will use their existing AD credentials; this application at the other company will perform an LDAP referral/relay to my Active Directory and authenticate...
I don't want the other company to have the ability to query my entire AD, only the OU where the user accounts are located.
Is there any way to restrict access to Active Directory via LDAP to only a specific OU where the user accounts in the OU will be queried?
Thanks
S
- Moved by Amy Wang_Microsoft contingent staff, Moderator Thursday, March 26, 2015 3:24 AM AD related from Windows Security forum