Need help to delegate minimal LDAP permissions without full Domain Admin
Need to know how to delegate the following permissions to an Active Directory user object to provide LDAP queries for a software product without needing full Domain Admin rights. The vendor stated the user object only needs "querying groups and perform searches on behalf of other users" permissions - but I can't find online how to delegate that permission. Please advise. Thanks.
This is in reference to applications needing Active Directory LDAP (EMC SAN needing AD auth/LDAP to authenticate admins, other apps needing LDAP ability that I don't want domain admin for) - not giving rights to specific local admin for servers or workstations (although this method can be handy when looking at other requirements).
The engineer that was implementing our SAN LDAP stated "querying groups and perform searches on behalf of other users" were needed above a regular domain user account. Need to know (I assume using the AD delegation wizard?) how to assign specific rights needed to assign a domain user account to achieve LDAP ability (against domain controllers) without domain admin perms. Thanks!
If they need admin on servers and workstations in addition to this, see this article:
https://www.experts-exchange.com/articles/29596/Securing-Active-Directory-Administrators-Groups.html