Solved

Question about AD permissions

Posted on 2016-08-11
2
67 Views
Last Modified: 2016-08-12
I need someone to be able to have read-only permissions to our AD structure. What permissions can I give them to have the minimum permissions to do this? If I create a account what group should I add them to?
0
Comment
Question by:Thomas N
2 Comments
 
LVL 22

Expert Comment

by:yo_bee
ID: 41753141
You can use Delegation wizard with in ADUC.
  • Open ADUC (Active Directory Users and Computers)
  • Right the Domain if you want this user to have read rights to the entire domain or select the OU that you wan this user to have rights to.
  • Select Delegation Control and the Wizard will start.
  • Search for the user you want to delegate Read rights to and hit next
  • Select Read All User Information.
that should be it.
If you want to help with additional users in the future create a group and call it something like DomainReadOnlyGroup and do the same as what is illustrated above and add this user to that newly created group.
0
 
LVL 54

Accepted Solution

by:
McKnife earned 500 total points
ID: 41753455
Any domain user has read permissions out of the box - what would you like to do that a standard user cannot do already? What would you like to prevent that a standard user can so?
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
schema master 5 27
How to remove mailbox permission and export result with PowerShell in Exchange 2010. 4 47
Office 2016 GPOs in Server 2012R2 5 28
Server timing 4 20
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
Last week, our Skyport webinar on “How to secure your Active Directory” (https://www.experts-exchange.com/videos/5810/Webinar-Is-Your-Active-Directory-as-Secure-as-You-Think.html?cid=Gene_Skyport) provided 218 attendees with a step-by-step guide for…
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question