
Limiting the number of Active Directory (AD) computers displayed in Deep Security Manager (DSM)

    • Updated: 14 Mar 2020
    • Product/Version: Deep Security 9.6
    • Platform:
        • Windows 2003 Enterprise
        • Windows 2003 Enterprise 64-bit
        • Windows 2003 Server R2
        • Windows 2003 Standard
        • Windows 2003 Standard 64-bit
        • Windows 2008 Datacenter 64-bit
        • Windows 2008 Enterprise
        • Windows 2008 Enterprise 64-bit
        • Windows 2008 Server R2
        • Windows 2008 Server R2 Datacenter
        • Windows 2008 Server R2 Enterprise
        • Windows 2008 Standard
        • Windows 2008 Standard 64-bit
        • Windows 2012 Datacenter R2
        • Windows 2012 Enterprise
        • Windows 2012 Standard R2

When you add an Active Directory to Deep Security Manager using a domain user account, all the Active Directory computers are shown in the list of computers.

Deep Security Manager cannot be set to show only a certain Organizational Unit (OU) of the Active Directory.

Active Directory computers


To resolve the issue:

  1. In Active Directory Users and Computers, create a new user (dsadmin) and a new group (dsadmins, a Global Security group).

    dsadmin user

  2. Check the properties of the dsadmin user and make sure it has the following settings:
    • The User must change password at next logon check box is unticked.
    • The Password never expires check box is ticked.

    Account Password settings

  3. Add the dsadmin user as a member of the dsadmins group.
  4. Set the dsadmins group as the default group.
  5. Remove the Domain Users group under the Member of tab list.

    dsadmins group

  6. Select the View tab and activate the Advanced Features in Active Directory Users and Computers.

    Advanced Features

  7. Perform the following steps on the OUs you want to hide from the DSM console.
    1. Right-click the OU you want to hide and choose Properties.
    2. Choose the Security tab and add the dsadmins group.
    3. Deny the read privileges to the dsadmins group for the OU.

    Hide OU

  8. After setting the necessary rights, add the Active Directory in the DSM using the credentials of the dsadmin user.

    Adding Active Directory

The Active Directory tree in the DSM will now show only the computers in the OUs for which you did not deny the read permission.
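
Steps 1 to 7 can also be scripted. The following PowerShell is an added example, not part of the original article or of Trend Micro tooling; it uses the ActiveDirectory module, and the domain DN, the OU names and the choice to let the deny entry inherit to child objects are assumptions.

```powershell
# Added example: steps 1-7 of the procedure, scripted with the ActiveDirectory module (RSAT).
# Assumed values (not from the article): domain DN and the OUs to hide.
Import-Module ActiveDirectory

$domainDn  = 'DC=example,DC=local'            # assumed placeholder domain
$hiddenOus = @("OU=Finance,$domainDn",        # assumed placeholder OUs to hide from DSM
               "OU=Lab,$domainDn")

# Step 1: create the group (Global / Security) and the dsadmin user.
# Step 2: password never expires, no forced change at next logon.
New-ADGroup -Name 'dsadmins' -GroupScope Global -GroupCategory Security
$group = Get-ADGroup -Identity 'dsadmins'
$pw    = Read-Host -AsSecureString 'Password for dsadmin'
New-ADUser -Name 'dsadmin' -SamAccountName 'dsadmin' -AccountPassword $pw `
    -Enabled $true -PasswordNeverExpires $true -ChangePasswordAtLogon $false

# Steps 3-5: add dsadmin to dsadmins, make dsadmins the primary (default) group,
# then remove Domain Users. The primary group must be changed first, because
# a user cannot be removed from its current primary group.
Add-ADGroupMember -Identity $group -Members 'dsadmin'
$rid = [int]($group.SID.Value.Split('-')[-1])  # RID = last component of the group SID
Set-ADUser -Identity 'dsadmin' -Replace @{ primaryGroupID = $rid }
Remove-ADGroupMember -Identity 'Domain Users' -Members 'dsadmin' -Confirm:$false

# Step 7: add a Deny / Read entry for dsadmins on each OU to hide.
foreach ($ou in $hiddenOus) {
    $acl  = Get-Acl -Path "AD:\$ou"
    $rule = New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
        $group.SID,
        [System.DirectoryServices.ActiveDirectoryRights]::GenericRead,
        [System.Security.AccessControl.AccessControlType]::Deny,
        # Assumption: apply to the OU and everything beneath it.
        [System.DirectoryServices.ActiveDirectorySecurityInheritance]::All)
    $acl.AddAccessRule($rule)
    Set-Acl -Path "AD:\$ou" -AclObject $acl
}

# Check: list the deny entries now present for dsadmins on each hidden OU.
foreach ($ou in $hiddenOus) {
    (Get-Acl -Path "AD:\$ou").Access |
        Where-Object { $_.AccessControlType -eq 'Deny' -and
                       $_.IdentityReference -like '*\dsadmins' } |
        Select-Object @{ n = 'OU'; e = { $ou } }, IdentityReference,
                      ActiveDirectoryRights, InheritanceType
}
```

Run it from an account allowed to create users and edit OU permissions; an OU that prints no row in the final check still has no deny entry for dsadmins and will remain visible in the DSM.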

Active Directory
