We use ADManager Plus to give the power of AD Management to the different department Powerusers. All the power users have each a Heldesk Technician account which is locked to his certain OU he must administrate.

We now would like to ad the AD Reporting function, but we found out that the security is not as wished.
When we do a report "Group for Users" we see all the groups the user is in, but then we also see the group "Domain Users".

When you then click on "more" in the Members columne, you can see ALL Users!

Our Policy doesn't allow the Power Users to see all the accounts that are in the "Domain User" group.

my opinion is, that if the heldesk technician is locked to a OU, he should not be able to see all the members of other groups, that are not in his OU structure.

How can we fix this, that we can give them the powerfull AD Reporting function?