First, you could change the permissions on the AD objects to remove read
access for those attributes from groups whom you don't wish to have access.
Second, you could edit the schema so newly created objects disallow read
access for those attributes from groups whom you don't wish to have access....