I've created a standard AD user in my AD environment and discovered that, if I run Powershell with its credentials, or AD explorer, for example, I can query almost anything.
To me that does not seem very secure, and I'm wondering if that's an inherent permission with AD or if I have to manually modify things to prevent it.
So I can open AD explorer and browser all OUs, view groups and their members, etc, all as a Domain User with no extra permissions.
I can run powershell "get-aduser -username -properties * | fl" and get all their AD fields.
Would unchecking allow "Read" permission for Authenticated Users have any adverse effect?