Figure 2. Using Deny List Contents on Organizational Units. Denying permissions in Active Directory is a sensitive operation because it can easily go awry; but when used carefully, it can help you hide objects in the directory. This example hides all objects within this OU from the Generic Users group.