Prevent AD users from seeing group members?

view story

http://serverfault.com – I need to prevent users from looking up the membership of groups that they are not members of. So for example, Bob is in GroupA but not GroupB, so if Bob were to look at properties in AD he would see all the members of GroupA but non of the members of GroupB. This is part of a QA test for software that enumerates groups using IADsGroup.IsMember. The output of calling that if the group permissions are correct is an exception, but I cannot replicate the AD conditions to generate that exception. (HowTos)