Solved

Active Directory LDAP Query

Posted on 2014-10-16
3
107 Views
Last Modified: 2014-10-23
Hi

I am in the process of configuring LDAP as we have a third party application that needs to query AD users.  I have created an AD account for this function, the only group membership is Domain users and using LDAP Administrator I can now browse AD.

I would like to lock this down so the application can only see certain OU.  Is there a simple way to do this ?

Thanks
0
Comment
Question by:bains1000
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 16

Accepted Solution

by:
Joshua Grantom earned 500 total points
ID: 40385374
remove them from Domain Users, create a new group (ex. AD Read Only) add that account to that group.

Now in ADUC, go to the OU that you want them to be able to read, right click, go to properties, security, and only give that group (AD Read Only) rights to read child objects of that OU.

Repeat this for each OU you want it to be able to read.
0
 

Author Closing Comment

by:bains1000
ID: 40399631
Thanks worked a treat
0
 
LVL 16

Expert Comment

by:Joshua Grantom
ID: 40399634
Glad to help!
0

Featured Post

Office 365 Advanced Training for Admins

Special Offer:  Buy 1 course, get 2nd free!  Buy the 'Managing Office 365 Identities & Requirements' course w/ Accelerated TestPrep, and automatically receive the 'Enabling Office 365 Services' course FREE!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains the steps required to use the default Photos screensaver to display branding/corporate images
This article shows the method of using the Resultant Set of Policy Tool to locate Group Policy that applies a particular setting.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question