OK, I should probably know this, but I had to create an account yesterday to be used as a service account for the purpose of LDAP queries/synchronization. For the sake of expediency, I added the account to the Domain Admins group, to ensure access to all OUs and groups, but I don't want to leave it like that. I do not like giving more security to an account than it needs to work, but I'm not sure what that is in this case. What do I need to do so this account can search LDAP without being a Domain Admin?
Login or Sign Up
- Log in with