Skip Navigation

Add Read permission to the account used to authenticate to the LDAP server

You can use the
Windows
Server ADSI Edit tool to add Read permissions to the account that is used to authenticate to the LDAP server. You must have a membership in the Domain Admins group or equivalent permissions to complete this task.
  1. Start the ADSI Edit utility.
  2. Right click the
    ADSI Editor
    icon and click
    Connect to
    .
  3. In the
    Connection Settings
    screen, in the
    Connection Point
    section, select
    Select a well known Naming Context
    and from the drop-down list, select
    Default naming context
    .
  4. Click
    OK
    .
  5. Click your domain.
  6. Navigate to and expand
    CN=System
    .
  7. Right-click
    CN=Password Settings Container
    and click
    Properties
    .
  8. On the
    Security
    tab, click
    Add
    to add the account, or the user group that the account is a member of, that is used to authenticate to the LDAP server.
  9. Under
    Group or user names
    , with the added account or user group selected, select the
    Read
    checkbox in the
    Allow
    column.
  10. Click
    Apply
    .
  11. Click
    OK
    .