Re: Permissions to do AD Lookups?

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

Give them no additional permissions. A user or inetOrgPerson object is a
member of domain users, and the well known security principal Authenticated
Users. Authenticated Users has all the permissions you need. If it
doesn't, and you need specific read access to non-standard attributes, you
grant accordingly.

--
Paul Williams
Microsoft MVP - Windows Server - Directory Services
http://www.msresource.net | http://forums.msresource.net


.

Relevant Pages

  • Re: Overlapping Permissions
    ... >grant the permissions for the Domain Users group for insert, delete, etc. ... >member of the public role, and ProductManagers, member of public and ... >A user, Rod, belongs to both Domain Users and ProductManagers groups. ...
    (microsoft.public.sqlserver.security)
  • Re: Directory / File Permissions
    ... When a user is a member of a group, the user has the combined NTFS rights of ... his personal permissions and his multiple group membership permissions, ... What you should do is simply remove the Domain Users group from the ACL. ... because "Domain Users" group has full rights. ...
    (microsoft.public.windows.server.general)
  • Grant a domain user read-only access to AD 2003
    ... I've created a new user who is a member of the "Domain users" group ... I want to grant this user read only permissions to the whole of ... the very top level, granting "read only" permissions. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Administrator has access denied
    ... > The administrator cannot change permissions. ... the administrator IS a member of domain users. ...
    (microsoft.public.win2000.advanced_server)
  • Re: Changing groups
    ... pleaderb, sue, frank, ed are members of group projectb ... Everyone is a member of group user. ... depending on the file's permissions they can read and write the ... I do this all the time, using Samba. ...
    (Debian-User)