Link to home
Start Free TrialLog in
Avatar of Thomas N
Thomas NFlag for United States of America

asked on

Question about AD permissions

I need someone to be able to have read-only permissions to our AD structure. What permissions can I give them to have the minimum permissions to do this? If I create a account what group should I add them to?
Avatar of yo_bee
yo_bee
Flag of United States of America image

You can use Delegation wizard with in ADUC.
  • Open ADUC (Active Directory Users and Computers)
  • Right the Domain if you want this user to have read rights to the entire domain or select the OU that you wan this user to have rights to.
  • Select Delegation Control and the Wizard will start.
  • Search for the user you want to delegate Read rights to and hit next
  • Select Read All User Information.
that should be it.
If you want to help with additional users in the future create a group and call it something like DomainReadOnlyGroup and do the same as what is illustrated above and add this user to that newly created group.
ASKER CERTIFIED SOLUTION
Avatar of McKnife
McKnife
Flag of Germany image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial