We have a Windows environment set up in a hub-and-spoke configuration whereby we have a parent domain as the hub and multiple separate child domains as the spokes. Each of these spokes is a separate legal entity in our business, and they are all on separate subnets.
One of the problems we've managed to ignore to date is that Windows Explorer and various other applications allow a domain user to see all other domains in the environment (in Windows Explorer, select the Network tab and search Active Directory). They can't access these domains, but they can see that they exist, which is a bit of a problem, but one that has been accepted.
We've now got a new vendor app that is having a problem with this because it's attempting to enumerate all of the domains that it can see when running some functions (based on the domain service account that it is running under). As we have so many of these child domains and they're not contactable as they're on separate subnets, the application times out.
Is there any way to stop one child domain from even seeing the presence of other child domain names?
If it matters, the domain controllers in the child domains are a mixture of Win2016 and Win2019, the DC in the parent domain is Win2016. Most member servers are a mixture of Win2016/2019 as well.
Thank you for your help.