supportsolutions
asked on
what is the best way to allow developers to do command line ldap querys in windows 2000 against AD
ive been told this can only be done with administrator rights,
is there a built in group, or way around this without giving full admin rights
one of my colleagues from work said the dns admin group would .be less priveleged
bascially want to give the lowest level priveledges, any advice?
i came across an ms article :
"How to configure Active Directory to allow anonymous queries"
http://support.microsoft.com/kb/320528
is this dangerous to do?,
need some advice here i cannot find much documentation on this
is there a built in group, or way around this without giving full admin rights
one of my colleagues from work said the dns admin group would .be less priveleged
bascially want to give the lowest level priveledges, any advice?
i came across an ms article :
"How to configure Active Directory to allow anonymous queries"
http://support.microsoft.com/kb/320528
is this dangerous to do?,
need some advice here i cannot find much documentation on this
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Well guys i thank you all for the soultion and will accept both of them,
I presented the client with this information and they stated that without making ANY changes to AD permissions or delegation of control, the developers were already able to perform ldap queries
they must of enherited read only permission on ad from somewehre else, or is this the default?
thanks again
I presented the client with this information and they stated that without making ANY changes to AD permissions or delegation of control, the developers were already able to perform ldap queries
they must of enherited read only permission on ad from somewehre else, or is this the default?
thanks again
ASKER
ive delegated control in my virtual environment, but have a questions
after delegating control over the domain, where can i see those settings?
the only tool i can seem to find for this is dsrevoke, is there a gui based tool for removing or deleting the delegation if you want to change it afterwards?