Hi Team, Is there a way I can limit what a service-account can get returned when it queries LDAP. I would like to limit visibility to a set of OUs, so that the service-account cannot see all of LDAP? In other words is there an AD equivalent of openldap acls, perhaps through dsacls? - Kees.