Re: Permissions to do AD Lookups?

Thank you for your help everyone

I will have them test it out. I'm working with apache-java developers, so
it may take a while!

"Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@xxxxxxxxxxxxxxxxxxxxxxxx> wrote
in message news:ex0q7xHcGHA.3344@xxxxxxxxxxxxxxxxxxxxxxx
Unless of course you have delegated security in your directory to prevent
that. The defaults would allow this. I just wanted to add that caveat as
AD security is very flexible and you may not have defaults.

The obvious thing to do is to test to make sure your scenario works.

Joe K.

"Jorge de Almeida Pinto [MVP]"
<SubstituteThisWithMyFullNameSeparatedByDots@xxxxxxxxx> wrote in message
news:%23EepvcHcGHA.4604@xxxxxxxxxxxxxxxxxxxxxxx
just as paul said

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Windows Server - Directory Services

BLOG --> http://blogs.dirteam.com/blogs/jorge/default.aspx
-----------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no
rights!
* Always test before implementing!
-----------------------------------------------------------------------------


-----------------------------------------------------------------------------
"Chris Sdonka" <csdokna@xxxxxxxxxxxxxxx> wrote in message
news:umR4nyFcGHA.3900@xxxxxxxxxxxxxxxxxxxxxxx
so with only authenticated user access they should be able to query the
entire domain, all the OUs, etc?


"Paul Williams [MVP]" <ptw2001@xxxxxxxxxxx> wrote in message
news:1146840071.980475@xxxxxxxxxxxxxxxxxxxxxx
Give them no additional permissions. A user or inetOrgPerson object is
a
member of domain users, and the well known security principal
Authenticated
Users. Authenticated Users has all the permissions you need. If it
doesn't, and you need specific read access to non-standard attributes,
you
grant accordingly.

--
Paul Williams
Microsoft MVP - Windows Server - Directory Services
http://www.msresource.net | http://forums.msresource.net










.

Relevant Pages

  • Re: What permissions should be on sysvol
    ... Microsoft MVP - Windows Server - Directory Services ... I don't think those are default for a 'plain vanilla' AD install. ... Authenticated Users: Read & Execute ...
    (microsoft.public.windows.server.active_directory)
  • Re: Delete users Profile
    ... Microsoft MVP - Windows Server - Directory Services ... public PC for the domain users, ... day by day the under "C:\Documents and Settings" there are lots of user's ...
    (microsoft.public.windows.server.active_directory)
  • Re: Permissions to do AD Lookups?
    ... AD security is very flexible and you may not have defaults. ... member of domain users, and the well known security principal ... Authenticated Users has all the permissions you need. ... Microsoft MVP - Windows Server - Directory Services ...
    (microsoft.public.windows.server.active_directory)
  • Re: Forest functional upgrade not possible
    ... Yeah I would look at the crossRef objects as that is what is being checked. ... Windows Server MVP - Directory Services ... partition), so I'll run that down first. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Login to Windows 2008 stalls at "Welcome"
    ... Windows Server - Directory Services ... Hii Sing Chung wrote: ...
    (microsoft.public.windows.server.general)
Loading