Oh. While just about everything in A/D can be queried, only the Personal property set can be updated (assuming that the user is only a member of "Domain Users" and not a group with any additional privileges).
Regards,

Michael B. Smith
MCSE/Exchange MVP
http://TheEssentialExchange.com

From: Joseph L. Casale [mailto:[EMAIL PROTECTED]
Sent: Thursday, March 06, 2008 7:35 PM
To: NT System Admin Issues
Subject: RE: Minimum Privileges to query AD through LDAP

Yeah, sorry should'a been more clear. It was a document detailing all the restrictions you could possibly impose on a user so that if the password became known it wouldn't amount to much. Just want to make sure I haven't missed anything.

jlc

From: Michael B. Smith [mailto:[EMAIL PROTECTED]
Sent: Thursday, March 06, 2008 5:07 PM
To: NT System Admin Issues
Subject: RE: Minimum Privileges to query AD through LDAP

What FFL? "Authenticated Users" can query almost everything in 2003. "Everyone" can query almost everything in 2000.

Regards,

Michael B. Smith
MCSE/Exchange MVP
http://TheEssentialExchange.com

From: Joseph L. Casale [mailto:[EMAIL PROTECTED]
Sent: Thursday, March 06, 2008 6:53 PM
To: NT System Admin Issues
Subject: Minimum Privileges to query AD through LDAP

I can't find a doc I had that detailed all that could be done to lock down a user used for only LDAP queries making sure they had no other network access. Can someone jog my mind?

Thanks!

jlc
