Running LDAP Tool as Domain Admin
Posted: Tue Nov 13, 2012 9:29 am
Hi,
When I run the service as a standard domain user the service is unable to see and import any users that exist in the import groups other than domain admin users and the account being used to run the service.
If I run the service as a domain admin account it does see and import all the users. However, if I log in to a Win7 machine (for example) as that same standard domain user running the service, I’m able to search for and display the details of the users who are not domain admins by just using the default Windows directory search.
I’m not quite understanding why there is a mandatory need to run the service as a domain admin when as a standard domain user the details appear accessible. The issue here is security, as a domain admin account has big security implications and looks to be an excessive level of rights for what is needed to be returned.
Are you able to advise further?
Thanks.