Restrict access to AD over LDAP

Thread starter: Guest

Hi all!

Is there any way to restrict LDAP access to AD (2003)? By default, any
authenticated user can read data in AD using LDAP - is there any way to
restrict users browsing AD using LDAP tools/VBScripts/etc? I can restrict
access to ADUC MMC snap-in, however LDAP tools still work...

Any suggestion will be appreciated!

Thanx!
 
Paul, thanx for your answer! However, I need the "opposite way" - prevent
authenticated users from viewing AD. By default, all authenticated users can read
the whole AD - and this is a little bit wrong (IMHO) ;-)

Is it absolutely necessary to grant "Authenticated Users" read permission on
the whole AD?

Thanx,
R.V.
 
Yes that is where 2003 comes in, it blocks unauthenticated binds. 2000 does
not.

--

Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA

This posting is provided "AS IS" with no warranties, and confers no rights.
 
How can you authenticate if you can't attach to the AD? You can block
access to individual OUs via permissions. Just go to the OU, right-click
and permissions, etc...

--

Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA

This posting is provided "AS IS" with no warranties, and confers no rights.
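
Added example, not part of the thread: one way to check which allow ACEs on an OU still give every authenticated account read access, before and after changing its permissions as the reply above suggests. It parses the OU's security descriptor in SDDL form; `SAMPLE_OU_SDDL` is constructed (including the placeholder GUID) and the function names are hypothetical.

```python
import re

# SDDL right codes that expose directory data, with their access-mask bits.
READ_BITS = {"RP": 0x10, "LC": 0x4, "LO": 0x80, "GR": 0x80000000, "GA": 0x10000000}
# SDDL aliases / SIDs of trustees that include every ordinary domain account.
BROAD = {"AU": "Authenticated Users", "S-1-5-11": "Authenticated Users",
         "WD": "Everyone", "S-1-1-0": "Everyone",
         "RU": "Pre-Windows 2000 Compatible Access",
         "S-1-5-32-554": "Pre-Windows 2000 Compatible Access"}

# Constructed sample: Domain Admins full control, inherited read for
# Authenticated Users, an inherited object ACE for the pre-2000 group,
# and an explicit ACE that uses a hex mask and a raw SID.
SAMPLE_OU_SDDL = ("O:DAG:DAD:PAI"
                  "(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)"
                  "(A;CIID;RPLCLORC;;;AU)"
                  "(OA;CIID;RP;00000000-0000-0000-0000-000000000000;;RU)"
                  "(A;;0x20094;;;S-1-5-11)")

def read_rights(rights):
    """Return the read-type right codes in an SDDL rights field (codes or hex mask)."""
    if rights.lower().startswith("0x"):
        mask = int(rights, 16)
        return sorted(c for c, bit in READ_BITS.items() if mask & bit)
    return sorted(c for c in re.findall("..", rights) if c in READ_BITS)

def broad_read_aces(sddl):
    """List allow ACEs in the DACL that give a broad trustee read access.

    Each finding is (trustee name, read rights, inherited?).
    """
    dacl = re.search(r"D:[^()]*((?:\([^)]*\))*)", sddl)
    findings = []
    for body in re.findall(r"\(([^)]*)\)", dacl.group(1) if dacl else ""):
        fields = body.split(";")
        if len(fields) < 6:
            continue  # malformed ACE, skip it
        ace_type, flags, rights, trustee = fields[0], fields[1], fields[2], fields[5]
        if ace_type in ("A", "OA") and trustee in BROAD and read_rights(rights):
            inherited = "ID" in re.findall("..", flags)
            findings.append((BROAD[trustee], read_rights(rights), inherited))
    return findings

if __name__ == "__main__":
    for name, rights, inherited in broad_read_aces(SAMPLE_OU_SDDL):
        print(name, rights, "inherited" if inherited else "explicit")
```

Inherited findings come from a parent container, so editing the OU's own ACL does not remove them unless inheritance is also blocked on that OU.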
 