LDAP querying with MXLogic

Posted on 2008-11-12
Last Modified: 2013-12-24
We're trying to limit the account attached to MXLogic that queries AD.  What are the minimal settings that we can get away with? Our concern is allowing this account too much control with a very sensitive server in our organization.


We're running Windows Server 2003.
Question by:dataroad
    LVL 30

    Accepted Solution

    If all you need the account to do is Read, then it only needs to be an Authenticated User. If the account needs to update Active Directory in any way, determine precisely what it needs to update, and create a dedicated user account that has been delegated those permissions and nothing more.
    LVL 1

    Author Comment

    Well, the support desk said the profile needed admin rights, but then doubled back and said the account only needed read access and the ability to query LDAP.  

    Bottom-line, it didn't sound like these guys really had a grip on how to set it up without reading from a script. I just want to make sure that I have the right privileges assigned without granting TOO much access.


    Featured Post

    Maximize Your Threat Intelligence Reporting

    Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

    Join & Write a Comment

    Let’s list some of the technologies that enable smooth teleworking. 
    Even if you have implemented a Mobile Device Management solution company wide, it is a good idea to make sure you are taking into account all of the major risks to your electronic protected health information (ePHI).
    Video by: Steve
    Using examples as well as descriptions, step through each of the common simple join types, explaining differences in syntax, differences in expected outputs and showing how the queries run along with the actual outputs based upon a simple set of dem…
    This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

    732 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    17 Experts available now in Live!

    Get 1:1 Help Now