Information:
Assumption: Domain Admin or equivalent user is performing these steps.
Using Active Directory Users and Computers
1) Go to the View Menu and enable Advanced Features
2) Create a New OU in the desired location.
3) Move any users, computers, groups, etc into this OU as needed.
a. It’s easier to do this now rather than latter, depending on security being applied.
4) Right Click the New OU and select Properties
5) Click the Security Tab
6) Click the Advanced Button
7) Un-Check “Allow inheritable permissions from the parent to propagate…”
8) Click Copy
9) Click OK
10) Click Add
a. You must add the user or group now before you remove permissions.
b. Enter the name of the USER or GROUP of users that will be able to access (see) this OU.
c. Click OK
11) Select the “User” or “Group” in the list then click the “Full Control” check box in the Allow column.
a. See screenshot below (Administrator is the User in this Example).
12) Remove all other existing groups except for the following.
a. ENTERPRISE DOMAIN CONTROLLERS
b. Exchange Enterprise Servers
c. SYSTEM
d. Any USER or GROUP just added above.
13) Click OK
14) Now only the user or group granted permissions can see and modify objects in this OU.
More Information:
See Microsoft KB article 276679 “Cannot Completely Hide an Object in Active Directory” for limitations on hidden objects.