Tag
This analytic detects when an ACL is applied to an organizational unit (OU) to deny listing the objects residing in it; this activity, combined with modifying the owner of the OU, can hide Active Directory objects, even from domain administrators.