如何配置LDAP认证最低权限管理员

在配置LDAP认证时需要一个管理员账号对接域，如果要求客户给administrator，客户会担心权限过大存在安全风险。

怎么配置一个最低权限的管理员哩？

To configure account privileges for LDAP authentication in Active Directory:

• In the Active Directory Users and Computers administrative console, right-click the Organizational Unit (OU) or the top-level domain you want to configure and select Delegate Control.
• In the Delegation of Control Wizard dialog, click Next.
• In the Users or Groups dialog, click Add... and search Active Directory for the users or groups.
• Click OK and then click Next.
• In the Tasks to Delegate dialog, select Create a custom task to delegate and click Next.
• Select Only the following objects in the folder and scroll to the bottom of the list. Select User objects and click Next.
• In the Permissions dialog, select General.
• From the Permissions list, select the following:

  
  
  Change password
  Reset password
• Clear the General checkbox and select Property-specific.
• From the Permissions list, select the following:

  
  Write lockoutTime
  Read lockoutTime
  Write pwdLastSet
  Read pwdLastSet
  Write UserAccountControl
  Read UserAccountControl
  
• Click Next and click Finish.
  
  

多谢分享，有助于工作。

多谢分享，有助于工作。

一起来学习，一起来学习