
How to create a read-only LDAP user for MS Active Directory?


I have a developer that is testing some software that connects to MS AD using LDAP, and I want to create a group that has READ-ONLY rights to do so. How do I create a user group for AD that has AD connect rights and read-only rights to users' account information (as in an LDAP password verification query)?

Any help and suggestions are welcome.

1 Solution
Chris Dent (PowerShell Developer) commented:

Any regular (non-administrative) user account will be just that unless someone else has locked down AD to prevent it.

You can create a group, go to adsiedit.msc and then on every partition that you see there (domain, configuration and schema) do a right click and go to their properties one by one to set security settings. You can specifically set deny permissions for that particular group.

You can also do the same thing for DomainDNSZones and ForestDNSZones as well.


privasoft (Author) commented:
This is exactly what I needed. Thanks!
Question has a verified solution.
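
A scripted version of the setup described in the answer above, added here as an example and not part of the original thread: it creates an ordinary group and bind account, then checks every directory partition for ACEs that would give the group write access. The names `LDAP-ReadOnly` and `svc-ldap-read` are assumptions; the script needs the ActiveDirectory module (RSAT) and an account allowed to create users and read partition ACLs.

```powershell
#Requires -Modules ActiveDirectory
Add-Type -AssemblyName System.DirectoryServices

# Hypothetical names, chosen for this example only.
$GroupName = 'LDAP-ReadOnly'
$UserName  = 'svc-ldap-read'

# 1. An ordinary security group and an ordinary user: no administrative membership.
New-ADGroup -Name $GroupName -GroupScope Global -GroupCategory Security
New-ADUser -Name $UserName -SamAccountName $UserName `
    -AccountPassword (Read-Host -AsSecureString -Prompt 'Password for bind account') `
    -Enabled $true -CannotChangePassword $true
Add-ADGroupMember -Identity $GroupName -Members $UserName

# 2. Show what the account is a member of; expect only Domain Users and the new group.
Get-ADPrincipalGroupMembership -Identity $UserName | Select-Object -ExpandProperty Name

# 3. Audit: any Allow ACE naming this group with a write-type right is a finding.
#    Only the ACL at the root of each partition is read, and only ACEs that name
#    the group's own SID are matched (nested group membership is not expanded).
$writeRights = [System.DirectoryServices.ActiveDirectoryRights]'GenericAll, GenericWrite, WriteProperty, WriteDacl, WriteOwner, CreateChild, DeleteChild, Delete, DeleteTree'
$groupSid = (Get-ADGroup -Identity $GroupName).SID

# namingContexts covers domain, configuration, schema and the DNS application partitions.
foreach ($nc in (Get-ADRootDSE).namingContexts) {
    $acl = Get-Acl -Path "AD:\$nc"
    $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier]) |
        Where-Object {
            $_.IdentityReference -eq $groupSid -and
            $_.AccessControlType -eq 'Allow' -and
            ([int]($_.ActiveDirectoryRights -band $writeRights) -ne 0)
        } |
        Select-Object @{ Name = 'Partition'; Expression = { $nc } },
                      ActiveDirectoryRights, IsInherited
}
```

An empty result from step 3 means no partition root grants the group write-type rights directly; the account still holds whatever read access ordinary authenticated users have in that domain.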