Add Read permission to the account used to authenticate to the LDAP server
You can use the
WindowsServer ADSI Edit tool to add Read permissions to the account that is used to authenticate to the LDAP server. You must have a membership in the Domain Admins group or equivalent permissions to complete this task.
- Start the ADSI Edit utility.
- Right click theADSI Editoricon and clickConnect to.
- In theConnection Settingsscreen, in theConnection Pointsection, selectSelect a well known Naming Contextand from the drop-down list, selectDefault naming context.
- Click your domain.
- Navigate to and expandCN=System.
- Right-clickCN=Password Settings Containerand clickProperties.
- On theSecuritytab, clickAddto add the account, or the user group that the account is a member of, that is used to authenticate to the LDAP server.
- UnderGroup or user names, with the added account or user group selected, select theReadcheckbox in theAllowcolumn.