Grant a domain user read-only access to AD 2003

From: Joe.Mobley@xxxxxxxxxxxxxxxxxxx
Date: 18 Apr 2007 03:14:27 -0700

I've created a new user who is a member of the "Domain users" group
only. I want to grant this user read only permissions to the whole of
the Active Directory structure.

I've tried to achieve this by running the Delegate control wizard from
the very top level, granting "read only" permissions. This seems to
work but I've found that the user can still create new user accounts
etc.

Any ideas how I get round this issue?

Many thanks

.

Follow-Ups:
- Re: Grant a domain user read-only access to AD 2003
  - From: Paul Bergson [MVP-DS]
- Re: Grant a domain user read-only access to AD 2003
  - From: Nick Domukhovsky

Prev by Date: Re: AD site and services - How do I speed up replication time?
Next by Date: Re: Slow login to AD
Previous by thread: AD site and services - How do I speed up replication time?
Next by thread: Re: Grant a domain user read-only access to AD 2003
Index(es):
- Date
- Thread

Relevant Pages

Re: assigning DB-user to server role
... You should be able to grant object permissions to the roles only. ... If a user is a member ... EXEC sp_addrole 'MyRole' ...
(microsoft.public.sqlserver.security)
Re: Changing groups
... pleaderb, sue, frank, ed are members of group projectb ... Everyone is a member of group user. ... depending on the file's permissions they can read and write the ... I do this all the time, using Samba. ...
(Debian-User)
Re: Outside Users RDP into WS2008???
... Name it DL-Consultants ... Assign permissions on a resource to domain local group '. ... add any user account belonging to your consultants to become member of G-Consultants group. ... End disconnected session: ...
(microsoft.public.windows.server.general)
Re: How to remove a user from a mail group (Tried to search...)
... If you're using Distribution Groups, these cannot show up in any ACLs ... If it is a Security Group, you'll need to figure out the what different ... resources the group could have permissions on. ... I go to "member of" tab. ...
(microsoft.public.exchange.admin)
Re: How to use a Group Distribution list inorder to send and received messages
... In the Permissions list, locate Send As, and then click to select the ... permission of the user account that is a member of one of administrative ... groups will be reset to match the ACL of the AdminSDHolder thread. ... Directory domain controller that holds the primary domain controller ...
(microsoft.public.exchange.admin)