Microsoft Knowledge Base Article 265399 contains the following summary:
This step-by-step article describes how to modify Active Directory object attributes. The example in this article changes the defaultSecurityDescriptor attribute of the Organizational Unit object to remove the Read permission from the members of the Authenticated Users group.
Caution Microsoft recommends that you use caution if you modify the Active Directory schema. This operation is an advanced operation that is best performed programmatically by experienced programmers and system administrators. For detailed information about how to modify the Active Directory schema, see the Active Directory Programmer's Guide. To do so, visit the following Microsoft Web site:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/netdir/adsi/active_directory.asp
