Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Question about AD permissions

Posted on 2016-08-11
2
74 Views
Last Modified: 2016-08-12
I need someone to be able to have read-only permissions to our AD structure. What permissions can I give them to have the minimum permissions to do this? If I create a account what group should I add them to?
0
Comment
Question by:Thomas N
2 Comments
 
LVL 22

Expert Comment

by:yo_bee
ID: 41753141
You can use Delegation wizard with in ADUC.
  • Open ADUC (Active Directory Users and Computers)
  • Right the Domain if you want this user to have read rights to the entire domain or select the OU that you wan this user to have rights to.
  • Select Delegation Control and the Wizard will start.
  • Search for the user you want to delegate Read rights to and hit next
  • Select Read All User Information.
that should be it.
If you want to help with additional users in the future create a group and call it something like DomainReadOnlyGroup and do the same as what is illustrated above and add this user to that newly created group.
0
 
LVL 54

Accepted Solution

by:
McKnife earned 500 total points
ID: 41753455
Any domain user has read permissions out of the box - what would you like to do that a standard user cannot do already? What would you like to prevent that a standard user can so?
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This script can help you clean up your user profile database by comparing profiles to Active Directory users in a particular OU, and removing the profiles that don't match.
This article explains how to install and use the NTBackup utility that comes with Windows Server.
This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…

808 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question