Solved

Minimum LDAP Rights

Posted on 2011-09-30
4
288 Views
Last Modified: 2012-05-12
What are the minimum rights needed by an AD account to do LDAP lookups and Authentications.

We currently have a few applications set up to do lookups and authentication, but need to reduce the rights due to security concerns.
0
Comment
Question by:Octel-Node
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 125 total points
ID: 36893801
By default just a normal user account should do it

http://support.microsoft.com/kb/922836

In the Active Directory directory service for Microsoft Windows Server 2000 and for Microsoft Windows Server 2003, it is difficult to prevent an authenticated user from reading an attribute. Generally, if the user requests READ_PROPERTY permissions for an attribute or for its property set, read access is granted. Default security in Active Directory is set so that authenticated users have read access to all attributes. This article discusses how to prevent read access for an attribute in Windows Server 2003 Service Pack 1 (SP1).

Thanks

Mike
0
 
LVL 24

Accepted Solution

by:
Sandeshdubey earned 125 total points
ID: 36895620
It depends on how you have manipulated perms in AD but normal domain user should be fine.

Just a simple user as authenticated users have permissions all over the
place to read. (unless that was changed)

You also may wanna have a look at:
http://www.petri.co.il/anonymous_lda...ws_2003_ad.htm
http://support.microsoft.com/?id=320528

0
 
LVL 27

Expert Comment

by:Tolomir
ID: 37175646
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Let's recap what we learned from yesterday's Skyport Systems webinar.
Microsoft Office 365 is a subscriptions based service which includes services like Exchange Online and Skype for business Online. These services integrate with Microsoft's online version of Active Directory called Azure Active Directory.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question