Restrict access to AD over LDAP

Archived from groups: microsoft.public.win2000.active_directory

Hi all!

Is there any way to restrict LDAP access to AD (2003)? By default, any
authenticated user can read data in AD using LDAP - is there any way to
restrict users browsing AD using LDAP tools/VBScripts/etc? I can restrict
access to ADUC MMC snap-in, however LDAP tools still work...

Any suggestion will be appreciated!

Thanx!
--
R.V.
  1. 2003 is more suited for your goals.

    Check this out.
    http://www.petri.co.il/anonymous_ldap_operations_in_windows_2003_ad.htm


    --

    Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA

    This posting is provided "AS IS" with no warranties, and confers no rights.


    "Radovan Vojtek" <RadovanVojtek@discussions.microsoft.com> wrote in message
    news:38391A6A-D164-4BA2-8708-F7582F5401F1@microsoft.com...
    > Hi all!
    >
    > Is there any way to restrict LDAP access to AD (2003)? By default, any
    > authenticated user can read data in AD using LDAP - is there any way to
    > restrict users browsing AD using LDAP tools/VBScripts/etc? I can restrict
    > access to ADUC MMC snap-in, however LDAP tools still work...
    >
    > Any suggestion will be appreciated!
    >
    > Thanx!
    > --
    > R.V.
  2. Paul, thanx for your answer! However, I need the "opposite way" - disable
    authenticated user to view AD. By default, all authenticated users can read
    whole AD - and this is a little bit wrong (IMHO) ;-)

    Is it absolutely necessary to grant "Authenticated Users" read permission on
    whole AD?

    Thanx,
    R.V.

    "Paul Bergson" wrote:

    > 2003 is more suited for your goals.
    >
    > Check this out.
    > http://www.petri.co.il/anonymous_ldap_operations_in_windows_2003_ad.htm
    >
    >
  3. Yes that is where 2003 comes in, it blocks unauthenticated binds. 2000 does
    not.

    --

    Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA

    This posting is provided "AS IS" with no warranties, and confers no rights.


    "Radovan Vojtek" <RadovanVojtek@discussions.microsoft.com> wrote in message
    news:1FD15D69-91C6-42A6-9A92-E11F7ED086FC@microsoft.com...
    > Paul, thanx for your answer! However, I need the "opposite way" - disable
    > authenticated user to view AD. By default, all authenticated users can read
    > whole AD - and this is a little bit wrong (IMHO) ;-)
    >
    > Is it absolutely necessary to grant "Authenticated Users" read permission on
    > whole AD?
    >
    > Thanx,
    > R.V.
    >
    > "Paul Bergson" wrote:
    >
    > > 2003 is more suited for your goals.
    > >
    > > Check this out.
    > > http://www.petri.co.il/anonymous_ldap_operations_in_windows_2003_ad.htm
    > >
    > >
    >
  4. How can you authenticate if you can't attach to the AD? You can block
    access to individual OUs via permissions. Just go to the OU, right click
    and permissions, etc...

    --

    Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA

    This posting is provided "AS IS" with no warranties, and confers no rights.


    "Radovan Vojtek" <RadovanVojtek@discussions.microsoft.com> wrote in message
    news:1FD15D69-91C6-42A6-9A92-E11F7ED086FC@microsoft.com...
    > Paul, thanx for your answer! However, I need the "opposite way" - disable
    > authenticated user to view AD. By default, all authenticated users can read
    > whole AD - and this is a little bit wrong (IMHO) ;-)
    >
    > Is it absolutely necessary to grant "Authenticated Users" read permission on
    > whole AD?
    >
    > Thanx,
    > R.V.
    >
    > "Paul Bergson" wrote:
    >
    > > 2003 is more suited for your goals.
    > >
    > > Check this out.
    > > http://www.petri.co.il/anonymous_ldap_operations_in_windows_2003_ad.htm
    > >
    > >
    >
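
Before changing permissions on an OU as the last reply suggests, it helps to see which ACEs actually give broad groups read access. The following is an added example, not part of the original thread: it parses an OU security descriptor in SDDL form and lists the allow ACEs that give Authenticated Users, Everyone or Pre-Windows 2000 Compatible Access any read right. The sample SDDL string, its placeholder GUID and the function names are constructed for illustration.

```python
import re

# Broad principals from the thread, by SDDL alias and by well-known SID.
BROAD = {"AU": "Authenticated Users", "S-1-5-11": "Authenticated Users",
         "WD": "Everyone", "S-1-1-0": "Everyone",
         "RU": "Pre-Windows 2000 Compatible Access",
         "S-1-5-32-554": "Pre-Windows 2000 Compatible Access"}
# Directory read rights: SDDL code -> access-mask bit.
READ_BITS = {"LC": 0x4, "RP": 0x10, "LO": 0x80, "RC": 0x20000, "GR": 0x80000000}


def read_rights(rights):
    """Return the sorted read-right codes granted by an SDDL rights field."""
    if rights.lower().startswith("0x"):            # numeric access mask
        mask = int(rights, 16)
        return sorted(c for c, bit in READ_BITS.items() if mask & bit)
    codes = {rights[i:i + 2] for i in range(0, len(rights), 2)}
    if "GA" in codes:                               # generic all includes read
        return sorted(READ_BITS)
    return sorted(codes & set(READ_BITS))


def audit_dacl(sddl):
    """Return (principal, ace_type, read_rights, object_guid) for each allow ACE
    in the DACL that gives a broad principal any read right."""
    m = re.search(r"D:[A-Z]*((?:\([^()]*\))+)", sddl)   # DACL only, not the SACL
    findings = []
    for ace in re.findall(r"\(([^()]*)\)", m.group(1) if m else ""):
        fields = ace.split(";")
        if len(fields) < 6:
            continue
        ace_type, _flags, rights, obj_guid, _inh_guid, trustee = fields[:6]
        if ace_type in ("A", "OA") and trustee in BROAD:
            granted = read_rights(rights)
            if granted:
                findings.append((BROAD[trustee], ace_type, granted, obj_guid or None))
    return findings


# Constructed sample descriptor for a hypothetical OU; the GUID is a placeholder.
SAMPLE_SDDL = ("O:DAG:DAD:PAI(A;;RPWPCCDCLCSWRCWDWOGA;;;DA)(A;;RPLCLORC;;;AU)"
               "(OA;CIIO;RP;11111111-2222-3333-4444-555555555555;;RU)"
               "(D;;RPLC;;;WD)S:(AU;SA;WP;;;WD)")

if __name__ == "__main__":
    for principal, ace_type, granted, guid in audit_dacl(SAMPLE_SDDL):
        print(f"{principal}: {ace_type} grants {'+'.join(granted)}"
              f"{' on object ' + guid if guid else ''}")
```

Deny ACEs and the SACL audit entry in the sample are skipped on purpose, since only allow ACEs grant the read access the question is about.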