Link to home
Create AccountLog in
Avatar of lianne143
lianne143Flag for United States of America

asked on

How to create a user account which has read only access to our Active Directory.

Hi

Our web filtering is hosted outside of our organisation I have been asked to create a user account which has read only access to our AD.

Not sure as how to create this account please post me tutorials to set up this read only access account.


Thanks
Avatar of Iamthecreator
Iamthecreator
Flag of France image

All domain users have read-only access to the AD.
ASKER CERTIFIED SOLUTION
Avatar of Shaun Vermaak
Shaun Vermaak
Flag of Australia image

Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
by default standard user don't have any access apart from read only on Active directory objects

if you can tell exact where account will be used we can suggest
Avatar of austin minor
austin minor

Just create a user account that is member of the Domain users.

https://docs.microsoft.com/en-us/windows/desktop/ad/creating-a-user
Avatar of lianne143

ASKER

As said our web filtering is hosted outside of our organisation and they have asked to create a user account, which has read only access to our AD.
This account will be used, so that filtering system can query the list of users in our AD to make sure it is up to date.
A domain user account with no special privileges should work fine.
Unless, like I mentioned, you added permissions incorrectly on other systems using domain users group or authenticated users group. If that is the case you have some permissions to fix or denies to implement to prevent data leakage
Hi

I have created  the user account and by default the user is member of domain users, will this be ok.

Thanks
SOLUTION
Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
By default when user authenticate with AD, it is considered as authenticated and get access to all resources in AD which are accessible to authenticated users group
Correct, my point is some setup their confidential document shares with "Authenticated Users"