supportsolutions
asked on
what is the best way to allow developers to do command line ldap querys in windows 2000 against AD
ive been told this can only be done with administrator rights,
is there a built in group, or way around this without giving full admin rights
one of my colleagues from work said the dns admin group would .be less priveleged
bascially want to give the lowest level priveledges, any advice?
i came across an ms article :
"How to configure Active Directory to allow anonymous queries"
http://support.microsoft.com/kb/320528
is this dangerous to do?,
need some advice here i cannot find much documentation on this
is there a built in group, or way around this without giving full admin rights
one of my colleagues from work said the dns admin group would .be less priveleged
bascially want to give the lowest level priveledges, any advice?
i came across an ms article :
"How to configure Active Directory to allow anonymous queries"
http://support.microsoft.com/kb/320528
is this dangerous to do?,
need some advice here i cannot find much documentation on this
Last Comment
ASKER CERTIFIED SOLUTION
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
SOLUTION
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
Well guys i thank you all for the soultion and will accept both of them,
I presented the client with this information and they stated that without making ANY changes to AD permissions or delegation of control, the developers were already able to perform ldap queries
they must of enherited read only permission on ad from somewehre else, or is this the default?
thanks again
I presented the client with this information and they stated that without making ANY changes to AD permissions or delegation of control, the developers were already able to perform ldap queries
they must of enherited read only permission on ad from somewehre else, or is this the default?
thanks again
Windows OS
This topic area includes legacy versions of Windows prior to Windows 2000: Windows 3/3.1, Windows 95 and Windows 98, plus any other Windows-related versions including Windows Mobile.
129K
Questions
--
Followers
--
Top Experts
Get a personalized solution from industry experts
TRUSTED BY
ASKER
ive delegated control in my virtual environment, but have a questions
after delegating control over the domain, where can i see those settings?
the only tool i can seem to find for this is dsrevoke, is there a gui based tool for removing or deleting the delegation if you want to change it afterwards?