[ActiveDir] Change in A/D security between 2k and 2k3

[Michael B. Smith]

I run an application (ModusGate by Vircom, if anyone cares) that requires "read 
access" (their phrasing) to A/D for LDAP queries.
 
In Windows 2000, this was easily done in ADU&C -- create a user, View->Advanced, 
properties on the domain, Security tab, add the user and grant "READ".
 
I can do exactly the same thing in Windows 2003, but it doesn't work anymore (and, in 
fact, the way I read the permissions I shouldn't even need to do it with the change in 
the default permissions). The ONLY account that works is the Administrator account. I 
can create an account, add it to domain admins, enterprise admins, blah blah blah -- 
so it looks just like Administrator and it still fails. So, I presumed it was User 
Rights -- so I add this account and give it the same everything there too (in Domain 
Controller Policy and Domain Policy). Still no joy.
 
Applied change suggested in KB 326690. Still no joy.
 
Vircom is baffled as well, they say.
 
Any hints or suggestions for me?
 
Thanks.
 
.+-Šwè†Ûiÿü0Á-Š÷+ƒùšŠYb²Øm˜¸¬´P†Ûiÿü0Á-Š÷+ƒùb²×Úf.+-j·!Š÷¡¶Úÿ
0™¨¥j·!Š÷œ¢oÚrØyØãIšŠVœ¶+Þv*è®