Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 4792
  • Last Modified:

how to create a Read only LDAP user for MS Active Directory?

Hello,

 I have a developer that is testing some software that connects to MS AD using LDAP, and I want create a group that has READ-ONLY rights to do so.  How do I create a user group for AD that has AD connect rights and read-only rights to users account information (as in an LDAP password verification query)?

 Any help and suggestions are welcome.

 Privasoft.
0
privasoft
Asked:
privasoft
1 Solution
 
Chris DentPowerShell DeveloperCommented:

Any regular (non-administrative) user account will be just that unless someone else has locked down AD to prevent it.

Chris
0
 
ARK-DSCommented:
HI,
You can create a group, go to adsiedit.msc and then on every partition that you see there (domain, configuration and Schema ) do a right click and go to their properties one by one to set security settings. You can specifically set deny permissions for that particular group.

You can also do the same thing for DomainDNSZones and FOrestDNSZones as well.

Regards,

Arun
0
 
privasoftAuthor Commented:
This is exactly what I needed. Thanks!.
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now