A web developer in our organization wants to query our AD and authenicate users in a web app. What is the minimum permissions I can assign his account to accomplish this task? We have Windows 2003 SP2 -- will have Windows 2008 R2 soon. Is it recommended to allow web apps to authenicate against AD? Is this secure?