
How to Hide User Attributes in Active Directory

As more data is synchronized to user accounts, sensitive information such as national identity numbers and personal mobile numbers may be stored in Active Directory. To protect this data, it's important to restrict who can view it.

This information can be hidden from regular users and made visible only to authorized personnel, such as administrators. The recommended method for achieving this is to modify the attribute in the Active Directory schema and enable its "Confidential" flag.

When an attribute is marked as confidential, read access is denied to users who do not have specific control access rights (like "Read Property") on the object. This ensures that sensitive data remains private and secure within your domain.

Note: This article serves as a recommendation. For detailed, step-by-step instructions on how to modify the AD schema and set the confidential flag, administrators should consult official Microsoft documentation or other expert guides on managing Active Directory schemas. Please see https://medium.com/beyond-the-helpdesk/easily-configure-confidential-attributes-in-active-directory-769bd2b9d12c
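
The following PowerShell sketch is an added example, not part of the original article or of Microsoft's documentation. It lists the attributes that already carry the confidential bit, checks whether a target attribute can be marked confidential, and previews the schema change. The attribute name contosoNationalId is a hypothetical placeholder, and the script assumes the ActiveDirectory (RSAT) module plus Schema Admins rights for the write.

```powershell
# Added example. Needs the ActiveDirectory module (RSAT); the write needs Schema Admins rights.
Import-Module ActiveDirectory

$AttributeName = 'contosoNationalId'  # hypothetical custom attribute; substitute your own
$Confidential  = 0x80   # searchFlags bit 7 (decimal 128) marks an attribute confidential
$BaseSchema    = 0x10   # systemFlags bit 4: base-schema attribute, cannot be made confidential

$schemaNC     = (Get-ADRootDSE).schemaNamingContext
$schemaMaster = (Get-ADForest).SchemaMaster   # schema changes are written on this DC

# 1. Inventory: which attributes already carry the confidential bit?
#    1.2.840.113556.1.4.803 is the LDAP bitwise-AND matching rule.
Get-ADObject -SearchBase $schemaNC -Properties lDAPDisplayName, searchFlags `
    -LDAPFilter '(&(objectClass=attributeSchema)(searchFlags:1.2.840.113556.1.4.803:=128))' |
    Sort-Object lDAPDisplayName |
    Format-Table lDAPDisplayName, searchFlags

# 2. Look up the target attribute and read its current flags.
$attr = Get-ADObject -Server $schemaMaster -SearchBase $schemaNC `
    -Properties searchFlags, systemFlags `
    -LDAPFilter "(&(objectClass=attributeSchema)(lDAPDisplayName=$AttributeName))"
if (-not $attr) { throw "Attribute '$AttributeName' was not found in the schema." }

$search = [int]$attr.searchFlags   # an unset value is treated as 0
$system = [int]$attr.systemFlags

if ($system -band $BaseSchema) {
    # Base-schema attributes reject the confidential bit; restrict them with ACLs instead.
    throw "'$AttributeName' is a base-schema attribute and cannot be marked confidential."
}
elseif ($search -band $Confidential) {
    Write-Output "'$AttributeName' is already confidential (searchFlags=$search)."
}
else {
    # 3. OR the bit in so existing flags (indexing, ANR, ...) are preserved.
    #    -WhatIf only previews the change; remove it to apply.
    $newFlags = $search -bor $Confidential
    Set-ADObject -Server $schemaMaster -Identity $attr.DistinguishedName `
        -Replace @{ searchFlags = $newFlags } -WhatIf
}
```

After applying the change, query the attribute as an ordinary user account and as an authorized account to confirm that only the latter still receives the value.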