There are several tools and scripts available for extracting all user information from AD. By default, any domain user can access this information.
For example, using the attached .vbs script, we can dump the entire AD user base to an Excel file with the following fields.
ADExport Script (1.8 KiB, 373 hits)
I think it is a kind of security risk.
This can be blocked; you just have to follow a few steps:
1. Create a security group. Here we create a group named blockinfo.
2. Restrict the List Contents and Read All Properties permissions for this group on the OU where all users are stored, and add the normal users to this group.
3. To test, run the above script again, and you will get no output.
With this you can block any reporting tool/script. 🙂
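The three steps above can also be scripted with the ActiveDirectory PowerShell module. This is an added example, not part of the original post or its attached script. It assumes that "restrict" means a Deny ACE inherited by all objects under the OU; the OU path and the user names are placeholders.

```powershell
# Added example: the OU path and account names are placeholders, not values from the post.
Import-Module ActiveDirectory

$ouDn        = 'OU=Staff,DC=example,DC=com'  # assumed OU that holds the user accounts
$groupName   = 'blockinfo'                   # group name used in the post
$normalUsers = 'jdoe', 'asmith'              # constructed sample accounts

# Step 1: create the security group if it does not exist yet.
if (-not (Get-ADGroup -Filter "Name -eq '$groupName'")) {
    New-ADGroup -Name $groupName -SamAccountName $groupName `
        -GroupScope Global -GroupCategory Security
}
$group = Get-ADGroup -Identity $groupName

# Step 2: deny List Contents (ListChildren) and Read All Properties
# (ReadProperty with no property GUID) to the group on the OU.
# Inheritance "All" = this object and all descendants (assumption).
$rights = [System.DirectoryServices.ActiveDirectoryRights]'ListChildren, ReadProperty'
$ace = [System.DirectoryServices.ActiveDirectoryAccessRule]::new(
    $group.SID,
    $rights,
    [System.Security.AccessControl.AccessControlType]::Deny,
    [System.DirectoryServices.ActiveDirectorySecurityInheritance]::All)

$acl = Get-Acl -Path "AD:\$ouDn"
$acl.AddAccessRule($ace)
Set-Acl -Path "AD:\$ouDn" -AclObject $acl

# Add the normal users to the group. Keep administrative and service
# accounts out of it, or they lose visibility of the OU as well.
Add-ADGroupMember -Identity $group -Members $normalUsers

# Before step 3: confirm the Deny entry is present on the OU.
(Get-Acl -Path "AD:\$ouDn").Access |
    Where-Object { $_.AccessControlType -eq 'Deny' -and
                   $_.IdentityReference -like "*\$groupName" } |
    Format-Table IdentityReference, ActiveDirectoryRights, InheritanceType -AutoSize
```

Group membership is evaluated at logon, so a test user has to log off and on again before re-running the export script for step 3.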
This work is licensed under a Creative Commons Attribution-NoDerivatives 4.0 International License.