
Restricting LDAP search for a normal AD account

microsoft.public.windows.server.security
Posted by DamonChong on January 12, 2006, 12:01 am
Hi,

Firstly, thanks for taking time to answer my question. I am new to
Active Directory and would like to know if it is possible to restrict
or prevent a normal AD user account from performing LDAP searches against
the AD? It seems that Windows 2000 AD will allow LDAP searches
initiated by any valid AD user account against the AD (anonymous LDAP
search is already disabled).

We have users using LDAP clients, using their AD account IDs and
passwords to perform LDAP searches. I wonder if this behaviour can be
disabled for all AD user accounts or specific AD user accounts. Thank
you.

Regards,
Damon


Posted by Roger Abell [MVP] on January 12, 2006, 4:03 am
Accounts need to be able to query AD with LDAP in order to function.
However, all accounts do not have access to everything. You did
notice that all AD objects have ACLs, right?


> Hi,
>
> Firstly, thanks for taking time to answer my question. I am new to
> Active Directory and would like to know if it is possible to restrict
> or prevent a normal AD user account from performing LDAP searches against
> the AD? It seems that Windows 2000 AD will allow LDAP searches
> initiated by any valid AD user account against the AD (anonymous LDAP
> search is already disabled).
>
> We have users using LDAP clients, using their AD account IDs and
> passwords to perform LDAP searches. I wonder if this behaviour can be
> disabled for all AD user accounts or specific AD user accounts. Thank
> you.
>
> Regards,
> Damon
>
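
Added example, not part of either post: a PowerShell audit of the ACL point raised in the reply above, listing the Allow ACEs on one container that give broad built-in groups read-type rights, which is what decides what an ordinary authenticated LDAP bind can see there. The DN is a hypothetical placeholder, and the script assumes the RSAT ActiveDirectory module on a domain-joined host.

```powershell
# Added example: which broad principals hold read-type rights on one AD container?
Add-Type -AssemblyName System.DirectoryServices
Import-Module ActiveDirectory               # provides the AD: drive used by Get-Acl

$TargetDn = 'OU=Staff,DC=example,DC=com'    # hypothetical DN; replace with your own

# Well-known SIDs, compared by SID so the check is locale independent.
$BroadSids = @{
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-1-0'      = 'Everyone'
    'S-1-5-32-554' = 'Pre-Windows 2000 Compatible Access'
}

# Rights that let a bound account enumerate objects and read their attributes.
$ReadMask = [int]([System.DirectoryServices.ActiveDirectoryRights]'ReadProperty, ListChildren, ListObject')

$acl = Get-Acl -Path "AD:\$TargetDn"

$findings = foreach ($ace in $acl.Access) {
    if ($ace.AccessControlType -ne 'Allow') { continue }
    if (([int]$ace.ActiveDirectoryRights -band $ReadMask) -eq 0) { continue }

    try {
        $sid = $ace.IdentityReference.Translate(
            [System.Security.Principal.SecurityIdentifier]).Value
    } catch {
        continue                            # identity could not be resolved to a SID
    }
    if (-not $BroadSids.ContainsKey($sid)) { continue }

    [pscustomobject]@{
        Principal  = $BroadSids[$sid]
        Rights     = $ace.ActiveDirectoryRights
        AppliesTo  = $ace.InheritanceType   # this object, children, or both
        ObjectType = $ace.ObjectType        # all-zero GUID = every attribute/class
        Inherited  = $ace.IsInherited
    }
}

$findings | Sort-Object Principal, Inherited | Format-Table -AutoSize -Wrap
```

Rows with Inherited = True come from a parent container, so any change to them has to be made there.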


