Microsoft KB Archive/247118

= Server Objects Are Returned by Programs That Use LDAP to Access Active Directory =

Article ID: 247118

Article Last Modified on 10/30/2006


APPLIES TO


 * Microsoft Windows 2000 Server
 * Microsoft Windows 2000 Advanced Server




This article was previously published under Q247118



SYMPTOMS
When you use programs that use Lightweight Directory Access Protocol (LDAP) to access Active Directory, a limited number of objects may be returned by the program.



CAUSE
This issue occurs because the program performs an anonymous bind by using LDAP. Only objects where the Everyone group has Read permissions are returned. By default, authenticated users have Read access to all objects.



RESOLUTION
To resolve this issue, assign the Everyone group Read permissions to objects in Active Directory. This permits anonymous access to objects for programs that use LDAP. If you modify access rights to objects, you must consider the security ramifications of the changes that you make.

You can configure security settings for each object that the program may access. To configure security settings, modify the Access Control settings of the object, or use the Dsacls.exe tool that is located in the Windows 2000 Support folder on the Windows 2000 Server CD-ROM. For pre-Windows 2000 programs, use the Application Compatibility tool, Apcompat.exe.
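The following is an added example, not part of the original article or any Microsoft tool. It models the read check described under CAUSE and lists which objects would become readable by an anonymous bind if Everyone were granted Read on a subtree, as described under RESOLUTION. The directory contents, DNs and function names are constructed for illustration, and the model ignores deny entries, inheritance and per-attribute rights.

```python
# Added example: simplified model of the read check the article describes.
# Not modelled: deny ACEs, inheritance, per-attribute rights.

# Trustees that match each bind type, following the article's description.
TOKENS = {
    "anonymous": {"Everyone"},
    "authenticated": {"Everyone", "Authenticated Users"},
}

# Constructed sample data: DN -> trustees holding Read on that object.
SAMPLE_DIRECTORY = {
    "CN=Public Printers,DC=example,DC=com": {"Everyone", "Authenticated Users"},
    "OU=Staff,DC=example,DC=com": {"Authenticated Users"},
    "CN=Alice,OU=Staff,DC=example,DC=com": {"Authenticated Users"},
    "CN=Bob,OU=Staff,DC=example,DC=com": {"Authenticated Users"},
    "OU=Partners,DC=example,DC=com": {"Authenticated Users"},
}


def visible(directory, bind):
    """Return the DNs a search would return for the given bind type."""
    token = TOKENS[bind]
    return sorted(dn for dn, readers in directory.items() if readers & token)


def in_subtree(dn, base_dn):
    """True if dn is base_dn itself or lies beneath it (case-insensitive)."""
    dn, base_dn = dn.lower(), base_dn.lower()
    return dn == base_dn or dn.endswith("," + base_dn)


def grant_everyone_read(directory, base_dn):
    """Return a copy with Everyone added as a reader on base_dn and below."""
    return {
        dn: (readers | {"Everyone"}) if in_subtree(dn, base_dn) else set(readers)
        for dn, readers in directory.items()
    }


def newly_exposed(directory, base_dn):
    """DNs that only become anonymously readable after the proposed grant."""
    before = set(visible(directory, "anonymous"))
    after = set(visible(grant_everyone_read(directory, base_dn), "anonymous"))
    return sorted(after - before)


if __name__ == "__main__":
    for bind in TOKENS:
        print(bind, "bind returns", len(visible(SAMPLE_DIRECTORY, bind)), "objects")
    for dn in newly_exposed(SAMPLE_DIRECTORY, "OU=Staff,DC=example,DC=com"):
        print("would become anonymously readable:", dn)
```

Running the same comparison against the real Access Control settings before changing them shows exactly which objects the grant opens to unauthenticated clients.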

