问题描述
我们的公司正试图实现使用Active Directory(Windows Server 2003中)和LDAP几个单点登录的应用程序。我想锁定用来做这些LDAP查询尽可能的帐户。什么是配置此类帐户的最佳做法?
Our company is trying to implement a few single sign-on applications using Active Directory (Windows Server 2003) and LDAP. I would like to lock down the account used to make these LDAP queries as much as possible. What is the best practice for configuring this type of account?
推荐答案
您可以限制/允许哪些用户可以或看到/查询中AD通过轻松使用委派向导。您可以通过一个OU单击鼠标右键,并选择委派控制方便地访问委派向导。您ALS可能想看看这些文章:
You can restrict/allow what a user can or see/query within AD by easily using the Delegation Wizard. You can access the Delegation Wizard easily by right-clicking on an OU, and the selecting Delegation Control. You als may want to take a look at these articles:
委派Active Directory管理的最佳实践:如何代表团工作在Active Directory 一>
委派最佳实践Active Directory管理:案例研究:委派方案一>
这篇关于闵安全权限在Active Directory preform LDAP查询的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!