Hello,

We are part of a larger organization but maintain a degree of independence from headquarters. This independence is limited to a specific OU within the global Active Directory structure.

To complicate matters further, user accounts reside in a different (parent) domain, while service accounts, computers (endpoints), servers, and groups are located in the child domain. The structure is as follows:

• Root domain → Our Users OU → User accounts
• Child domain → Our Computers and Tech Users and Groups OU → Service accounts, computers (endpoints), servers, and groups

I do not see a way to restrict domain searches to a specific OU in the domain configuration. Without this capability, your app will scan, detect, and attempt to manage objects outside our responsibility. The number of such objects would be approximately 100 times higher than needed, significantly impacting performance and usability.

My questions are:

1. Is there a way to achieve this?
2. Are there plans to introduce such an option in the configuration?