Min Security Rights to Preform LDAP Queries in Active Directory
30,096
You can restrict/allow what a user can or see/query within AD by easily using the Delegation Wizard. You can access the Delegation Wizard easily by right-clicking on an OU, and the selecting Delegation Control. You als may want to take a look at these articles:
Default security concerns in Active Directory delegation
Best practices for delegating Active Directory administration: Case study: a delegation scenario
Author by
Xap
Updated on March 06, 2020Comments
-
Xap about 4 years
Our company is trying to implement a few single sign-on applications using Active Directory (Windows Server 2003) and LDAP. I would like to lock down the account used to make these LDAP queries as much as possible. What is the best practice for configuring this type of account?