Create User for LDAP Sync

Dec 24, 2003
Greetings-

I need to create a user in AD that I can use to sync account info via LDAP. I know that using administrator is not wise...so I want to make one with the least permissions possible. Any help?

Thanx
OregonSteve

"..You should never, never doubt what nobody is sure about." -Willy Wonka
 
Sync account info with what? To an external database?

If you are not writing to AD, then you need only have access to read account info. If you are writing attributes into AD, you will need either delegated rights or Account Operator.

~Intruder~
CEH, CISSP, MCSA/MCSE 2000/2003

"The Less You Do, The Less Can Go Wrong"
 
Greetings-

Yes, sync to an external database, read-only. Can you tell me the permission name(s)?

Read All Properties?
Read cn Name?

???

Thanx
OregonSteve

"..You should never, never doubt what nobody is sure about." -Willy Wonka
 
It depends on what you are trying to replicate, but if you are looking for the simple "general" tab-type info (such as First Name, Last Name, Email address, etc.), then the "Read General Information" is sufficient. Do you have a list of attributes you are trying to pull?

~Intruder~
CEH, CISSP, MCSA/MCSE 2000/2003

"The Less You Do, The Less Can Go Wrong"
 
Greetings-

I may be having visual acuity issues, but I'm not seeing the "Read General Information" permission. I see "Read All Properties" and a lot of other more specific ones...

Thanx
OregonSteve

"..You should never, never doubt what nobody is sure about." -Willy Wonka
 
Go to Advanced on the Security tab and you will get options at that point for "This object only", "All child objects...", etc., and "User Objects". This property is a member of "User Objects". Assign the permissions there.

~Intruder~
CEH, CISSP, MCSA/MCSE 2000/2003

"The Less You Do, The Less Can Go Wrong"
 
BINGO!!!

Thanx
OregonSteve

"..You should never, never doubt what nobody is sure about." -Willy Wonka
 
Status
Not open for further replies.
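
A scripted equivalent of the delegation worked out in the thread (Security tab > Advanced > apply to "User Objects" > "Read General Information"), as an added example that is not part of the original posts. The OU path and account name are placeholders, and it assumes the ActiveDirectory PowerShell module (RSAT) and its `AD:` drive are available.

```powershell
# Added example: $OU and $Account are placeholders, not values from the thread.
Import-Module ActiveDirectory

$OU      = 'OU=Staff,DC=example,DC=com'   # placeholder: container holding the synced users
$Account = 'svc-ldapsync'                 # placeholder: dedicated read-only sync account

# Schema GUIDs: the "General Information" property set and the user object class.
$GeneralInfo = [Guid]'59ba2f42-79a2-11d0-9020-00c04fc2d3cf'
$UserClass   = [Guid]'bf967aba-0de6-11d0-a285-00aa003049e2'

$sid  = (Get-ADUser -Identity $Account).SID
$path = "AD:\$OU"

# Allow ReadProperty on the General Information property set only,
# inherited by descendant objects of class user (not the OU itself).
$rule = New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
    $sid,
    [System.DirectoryServices.ActiveDirectoryRights]::ReadProperty,
    [System.Security.AccessControl.AccessControlType]::Allow,
    $GeneralInfo,
    [System.DirectoryServices.ActiveDirectorySecurityInheritance]::Descendents,
    $UserClass)

$acl = Get-Acl -Path $path
$acl.AddAccessRule($rule)
Set-Acl -Path $path -AclObject $acl

# Verify: list the explicit ACEs held by the sync account on this OU and
# warn if any of them grants more than ReadProperty.
$mine = (Get-Acl -Path $path).GetAccessRules(
            $true, $false, [System.Security.Principal.SecurityIdentifier]) |
        Where-Object { $_.IdentityReference -eq $sid }

$mine | Format-Table ActiveDirectoryRights, AccessControlType,
                     ObjectType, InheritedObjectType, InheritanceType

$extra = $mine | Where-Object {
    $_.ActiveDirectoryRights -ne [System.DirectoryServices.ActiveDirectoryRights]::ReadProperty
}
if ($extra) {
    Write-Warning "$Account holds rights beyond ReadProperty on $OU; review before use."
}
```

The verification step covers only explicit ACEs for the account on this OU; rights inherited from parent containers or granted through group membership need a separate review.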
