To resolve the issue:
- Create a new user (dsadmin) and a new group (dsadmins/Global Security Group) in Active Directory Users and Computers.
- Check the properties of the dsadmin user and make sure it has the following settings:
  - The "User must change password at next logon" check box is unticked.
  - The "Password never expires" check box is ticked.
- Add the dsadmin user as a member of the dsadmins group.
- Set the dsadmins group as the default (primary) group.
- Remove the Domain Users group from the list on the Member Of tab.
- Select the View tab and activate the Advanced Features in Active Directory Users and Computers.
- Perform the following steps on the OUs you want to hide from the DSM console:
  - Right-click the OU you want to hide and choose Properties.
  - Choose the Security tab and add the dsadmins group.
  - Deny the read privileges to the dsadmins group for the OU.
- After setting the necessary rights, add the Active Directory in the DSM with the credentials of the dsadmin user.
The Active Directory tree in the DSM will now show only the computers in the OUs for which you did not deny the read permission.
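The same procedure scripted with the ActiveDirectory PowerShell module, as an added example that is not part of the original article or vendor code. The OU distinguished name is a placeholder, and applying the deny entry with inheritance to child objects is an assumption about how the deny should propagate.

```powershell
# Added example, not vendor code. Requires the RSAT ActiveDirectory module.
Import-Module ActiveDirectory

# Placeholder DNs (assumptions): replace with the OUs to hide from the DSM.
$HiddenOUs = @('OU=Restricted,DC=example,DC=com')

# Create the global security group and the dsadmin account.
New-ADGroup -Name 'dsadmins' -GroupScope Global -GroupCategory Security
$pw = Read-Host -AsSecureString -Prompt 'Password for dsadmin'
New-ADUser -Name 'dsadmin' -SamAccountName 'dsadmin' -AccountPassword $pw `
    -Enabled $true -PasswordNeverExpires $true -ChangePasswordAtLogon $false

# Membership: join dsadmins, make it the primary group, then drop Domain Users.
Add-ADGroupMember -Identity 'dsadmins' -Members 'dsadmin'
$group = Get-ADGroup -Identity 'dsadmins' -Properties primaryGroupToken
Set-ADUser -Identity 'dsadmin' -Replace @{ primaryGroupID = $group.primaryGroupToken }
Remove-ADGroupMember -Identity 'Domain Users' -Members 'dsadmin' -Confirm:$false

# Deny read to dsadmins. Inheritance 'All' (assumption) extends the deny
# to the computer objects below each OU.
$deny = [System.DirectoryServices.ActiveDirectoryAccessRule]::new(
    $group.SID,
    [System.DirectoryServices.ActiveDirectoryRights]::GenericRead,
    [System.Security.AccessControl.AccessControlType]::Deny,
    [System.DirectoryServices.ActiveDirectorySecurityInheritance]::All)

foreach ($ou in $HiddenOUs) {
    $path = "AD:\$ou"
    $acl = Get-Acl -Path $path
    $acl.AddAccessRule($deny)
    Set-Acl -Path $path -AclObject $acl

    # Check: list the deny entries now present for dsadmins on this OU.
    (Get-Acl -Path $path).Access |
        Where-Object { $_.AccessControlType -eq 'Deny' -and
                       $_.IdentityReference -like '*\dsadmins' } |
        Select-Object @{ n = 'OU'; e = { $ou } }, IdentityReference, ActiveDirectoryRights
}
```

Run it from a session that has rights to create accounts and modify the ACLs of the listed OUs; the final pipeline prints the deny entries so the result can be confirmed before adding the directory in the DSM.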