You won't need anything other than a normal userid unless you have put weird ACEs in place to hide user objects and then you just need to have the normal userid in the right group and that right group shouldn't have to be Administrative level.
Note though that no group membership is going to give you rights to "see" passwords. You can get all of the userids you want but if the app needs to pull the password or a password hash you are SOL. -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rocky Habeeb Sent: Tuesday, December 19, 2006 8:41 AM To: [email protected] Subject: [ActiveDir] Schema Extension Question Guys (and Gals) I am far from an LDAP expert and we have not modified our Windows 2003 FFL Schema at all. I don't even have SP1 running as I am just still a little gunshy about it. But now me and my network engineer are under heavy pressure to move our POP 3 email clients to a Server Centric Web based model that will allow internet access to email. So my network engineer and *nix expert is testing a *nix based program to do that. We are having trouble with it connecting to AD to authenticate Users because it is popping errors that state "I can't find the Schema extensions." He is chasing that and I'm not really happy about modifying the shema, if indeed we end up having to do that, but here is my question. Will this app need an elevated credential (Domain or Enterprise Admin) to simply LDAP query the AD from this *nix box to get usernames or passwords or can it be done without that power? I know you don't know the app, but the question is a generic one relative to *nix boxes querying an AD. Thanks in advance. RH _____________________________ Rocky Habeeb Microsoft Systems Administrator James W. Sewall Company Old Town, Maine Voice: 207.827.4456 Ext. 387 Email: [EMAIL PROTECTED] www.jws.com _____________________________ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/[email protected]/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ma/default.aspx
