Question about AD permissions

I need someone to be able to have read-only permissions to our AD structure. What permissions can I give them to have the minimum permissions to do this? If I create a account what group should I add them to?
Thomas NSystems Analyst - Windows System AdministratorAsked:
Who is Participating?
McKnifeConnect With a Mentor Commented:
Any domain user has read permissions out of the box - what would you like to do that a standard user cannot do already? What would you like to prevent that a standard user can so?
yo_beeDirector of Information TechnologyCommented:
You can use Delegation wizard with in ADUC.
  • Open ADUC (Active Directory Users and Computers)
  • Right the Domain if you want this user to have read rights to the entire domain or select the OU that you wan this user to have rights to.
  • Select Delegation Control and the Wizard will start.
  • Search for the user you want to delegate Read rights to and hit next
  • Select Read All User Information.
that should be it.
If you want to help with additional users in the future create a group and call it something like DomainReadOnlyGroup and do the same as what is illustrated above and add this user to that newly created group.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.