How to create a user account which has read only access to our Active Directory.

All domain users have read-only access to the AD.

by default standard user don't have any access apart from read only on Active directory objects

if you can tell exact where account will be used we can suggest

Just create a user account that is member of the Domain users.

https://docs.microsoft.com/en-us/windows/desktop/ad/creating-a-user

As said our web filtering is hosted outside of our organisation and they have asked to create a user account, which has read only access to our AD.
This account will be used, so that filtering system can query the list of users in our AD to make sure it is up to date.

A domain user account with no special privileges should work fine.

Unless, like I mentioned, you added permissions incorrectly on other systems using domain users group or authenticated users group. If that is the case you have some permissions to fix or denies to implement to prevent data leakage

Hi

I have created  the user account and by default the user is member of domain users, will this be ok.

Thanks

By default when user authenticate with AD, it is considered as authenticated and get access to all resources in AD which are accessible to authenticated users group

Correct, my point is some setup their confidential document shares with "Authenticated Users"