e enjte, 30 korrik 2009

Do we need AD User with privilages to bind to an ADSI object, using the given credentials, from a web page ?

This is what i think,

The credentials are required because IIS has it authentication methods per site/folder/file as configured in IIS. Security tokens generated from Integrated Authentication are good for the local machine resources of the server running IIS. Active Directory is a remote resource and if the server running IIS is only a domain member and not a controller, the remote resource will request credentials. If a specific domain username and password are not passed, IIS uses a machine anonymous account. So then authentication will fail.

Also this is dependent on the security policies specified say of each OU and groups that’s their Domain policies
However few prerequisites as such would be, User in domain security group "Account Operators",
• Permissions to create LDAP object with the designated AD server.
• Permissions to create and query AD object of other users.

Any other view regarding the same.....pls do comment here.

Nuk ka komente: