Restrict access to AD over LDAP

Guest

Hi all!

Is there any way to restrict LDAP access to AD (2003)? By default, any
authenticated user can read data in AD using LDAP - is there any way to
restrict users browsing AD using LDAP tools/VBScripts/etc? I can restrict
access to the ADUC MMC snap-in, however LDAP tools still work...

Any suggestion will be appreciated!

Thanx!
 
Guest

Paul, thanx for your answer! However, I need the "opposite way" - stop
authenticated users from viewing AD. By default, all authenticated users can read
the whole AD - and this is a little bit wrong (IMHO) ;-)

Is it absolutely necessary to grant "Authenticated Users" read permission on
the whole AD?

Thanx,
R.V.
 
Paul Bergson

Yes that is where 2003 comes in, it blocks unauthenticated binds. 2000 does
not.

--

Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA

This posting is provided "AS IS" with no warranties, and confers no rights.
 
Paul Bergson

How can you authenticate if you can't attach to the AD? You can block
access to individual OUs via permissions. Just go to the OU, right click
and permissions, etc...

--

Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA

This posting is provided "AS IS" with no warranties, and confers no rights.
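
Added example, not part of any post in this thread: before changing permissions on an OU as suggested above, a read-only PowerShell check of which access rules on that OU apply to Authenticated Users or to the built-in Pre-Windows 2000 Compatible Access group. The OU distinguished name is a constructed placeholder; the two SIDs are the well-known values for those principals.

```powershell
# Constructed placeholder DN; replace with the OU you want to inspect.
$ouDn = 'OU=Example,DC=example,DC=local'

# Well-known SIDs (fixed values on every Windows domain).
$principals = @{
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-554' = 'Pre-Windows 2000 Compatible Access'
}

# Bind to the OU over LDAP with the current credentials.
$ou = [ADSI]"LDAP://$ouDn"

# Read the DACL, including inherited rules, with identities returned as SIDs
# so the comparison does not depend on localized account names.
$sidType = [System.Security.Principal.SecurityIdentifier]
$rules   = $ou.psbase.ObjectSecurity.GetAccessRules($true, $true, $sidType)

$report = foreach ($rule in $rules) {
    $sid = $rule.IdentityReference.Value
    if ($principals.ContainsKey($sid)) {
        New-Object PSObject -Property @{
            Principal   = $principals[$sid]
            Type        = $rule.AccessControlType      # Allow or Deny
            Rights      = $rule.ActiveDirectoryRights  # e.g. GenericRead, ReadProperty
            Inherited   = $rule.IsInherited            # True: set on a parent container
            AppliesTo   = $rule.InheritanceType        # None, All, Descendents, ...
            ObjectType  = $rule.ObjectType             # all-zero GUID: not limited to one attribute or class
        }
    }
}

if ($report) {
    $report |
        Sort-Object Principal, Inherited |
        Format-Table Principal, Type, Rights, Inherited, AppliesTo, ObjectType -AutoSize
} else {
    Write-Output "No access rules for the listed principals on $ouDn"
}
```

Rules reported with `Inherited = True` come from a parent container, so editing the OU's own permissions does not remove them unless inheritance is also changed on that OU.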
 
