Min Security Rights to Preform LDAP Queries in Active Directory

security active-directory ldap single-sign-on user-accounts
30,096

You can restrict/allow what a user can or see/query within AD by easily using the Delegation Wizard. You can access the Delegation Wizard easily by right-clicking on an OU, and the selecting Delegation Control. You als may want to take a look at these articles:

Default security concerns in Active Directory delegation

Best practices for delegating Active Directory administration: How delegation works in Active Directory

Best practices for delegating Active Directory administration: Case study: a delegation scenario

Share:
30,096
Xap
Author by

Xap

Updated on March 06, 2020

Comments

  • Xap
    Xap about 4 years

    Our company is trying to implement a few single sign-on applications using Active Directory (Windows Server 2003) and LDAP. I would like to lock down the account used to make these LDAP queries as much as possible. What is the best practice for configuring this type of account?

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Restrict ssh login from LDAP to users who have a /home directory
Why do I need Pre-Windows 2000 Compatible Access to enumerate group membership?
Administrator account keeps getting locked out. Can't trace source
AD LDAP No Password Required
How does single sign-on (SSO) work with PHP + Apache against an Active Directory for transparent authentication?
What are the other alternative to test a LDAP connection on linux machine
Adding users to AD using LDAP
LDAP Error "User Name Not Found"
How to retrieve DirectoryEntry from a DirectoryEntry and a DN
LDAP: How to add a new user to a group inside an OU