I'm a big fan of the Colleague Tracker web part in MOSS 2007 My Sites, especially the option to show 'Membership Changes'. This is often useful in highlighting that a colleague has been added to a certain AD group.
We now want to hide the membership of certain AD groups from the colleague tracker. For example, if an AD group called 'Project X' is created, we don't want membership of the group broadcast throughout the My Sites where colleagues are tracking colleagues.
My first thought was that we could use AD to 'deny read' on the 'Project X' AD group to all SharePoint related service accounts. This does not appear to have worked, although perhaps the configuration is more complex? The best approach would seem to be to
prevent the group membership data ever being imported from AD to the SSP, hence my 'deny read' approach.
Has anyone successfully implemented this, or does anyone have any better ideas?
View Complete Post