LDAP – How to create a read-only user for LDAP queries in Microsoft Active Directory for a PHP query program

active-directory ldap

I want to create a user that can query LDAP on my Windows 2008 R2 Active Directory. It only works with Domain Admins. I read that the Account Operators group will also work. Both of these have write rights, however. I also read that Domain Users should be able to work, but it does not. Only Domain Admin accounts work.

This is for a PHP program that has an LDAP plugin, so I'm trying to create a read-only user.

Best Answer

Any user in the Active Directory already has read-only access to most (if not all) of the tree. It would be helpful if you could elaborate on exactly what type of error you see. It's possible your code is not behaving in the manner that you expected.
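
To capture the exact error the answer asks for, the following PHP script (an added example, not code from the question or the answer) binds as an ordinary domain user, runs a read-only search, and prints the server's diagnostic message if either step fails. The host name, base DN, account name, sample lookup value and the `LDAP_BIND_PW` environment variable are placeholders assumed for illustration.

```php
<?php
// Added diagnostic example. Host, base DN and account below are placeholders.
$uri    = 'ldaps://dc01.example.com';      // placeholder domain controller
$baseDn = 'DC=example,DC=com';             // placeholder search base
$bindAs = 'svc-ldap-read@example.com';     // placeholder: plain Domain Users member, UPN form
$bindPw = (string) getenv('LDAP_BIND_PW'); // password comes from the environment, not the source
$lookup = $argv[1] ?? 'jdoe';              // sAMAccountName to search for (constructed sample)

// Sub-codes Active Directory reports as "data NNN" in a failed bind's diagnostic message.
const AD_BIND_CODES = [
    '525' => 'user not found',         '52e' => 'invalid credentials',
    '530' => 'logon time restriction', '531' => 'workstation restriction',
    '532' => 'password expired',       '533' => 'account disabled',
    '701' => 'account expired',        '773' => 'password must be changed',
    '775' => 'account locked out',
];

function fail($conn, string $step): void {
    ldap_get_option($conn, LDAP_OPT_DIAGNOSTIC_MESSAGE, $diag);
    $hint = '';
    if (is_string($diag) && preg_match('/\bdata ([0-9a-f]+)/i', $diag, $m)) {
        $hint = AD_BIND_CODES[strtolower($m[1])] ?? 'sub-code not in table';
    }
    fprintf(STDERR, "%s failed: [%d] %s\n  diagnostic: %s\n  meaning: %s\n",
        $step, ldap_errno($conn), ldap_error($conn), $diag ?: '(none)', $hint ?: '(n/a)');
    exit(1);
}

// An empty password turns a simple bind into an unauthenticated bind that can
// "succeed" without proving identity, so refuse it outright.
if ($bindPw === '') {
    fwrite(STDERR, "LDAP_BIND_PW is empty; refusing to bind\n");
    exit(1);
}
$conn = ldap_connect($uri) or exit("bad LDAP URI\n");
ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3); // request LDAPv3 explicitly
ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);        // do not chase referrals from domain-root searches

if (!@ldap_bind($conn, $bindAs, $bindPw)) {
    fail($conn, 'bind');
}
$filter = '(&(objectCategory=person)(sAMAccountName=' . ldap_escape($lookup, '', LDAP_ESCAPE_FILTER) . '))';
$result = @ldap_search($conn, $baseDn, $filter, ['cn', 'mail', 'memberOf']);
if ($result === false) {
    fail($conn, 'search');
}
$entries = ldap_get_entries($conn, $result);
printf("bind and read-only search succeeded: %d entries\n", $entries['count']);
ldap_unbind($conn);
```

If the bind succeeds for a plain Domain Users account but the search step fails, the printed diagnostic points at the query (base DN, referrals, filter) rather than at the account's group membership.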