We're creating a role account to be used by a 3rd party system on our network that needs to be able to query AD but we'd like to prevent anyone from using that role account to actually log in to AD. Is that possible?
If so, how?
Our AD domain functional level is 2003, but we have a mix of Server 2008 and Server 2003 DC's. We're trying to get to a place where we can retire our Server 2003 DC but we're not there yet.