Article ID: 247118
Article Last Modified on 10/30/2006
APPLIES TO
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Advanced Server
This article was previously published under Q247118
SYMPTOMS
When you use programs that access Active Directory through Lightweight Directory Access Protocol (LDAP), the program may return only a limited number of objects.
CAUSE
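This issue occurs because the program performs an anonymous bind by using LDAP. An anonymous bind returns only objects on which the Everyone group has Read permissions. By default, authenticated users have Read access to all objects, but an anonymously bound program is not an authenticated user and does not receive that access.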
RESOLUTION
To resolve this issue, assign the Everyone group Read permissions to the objects in Active Directory that the program must return. This permits anonymous access to those objects for programs that use LDAP. If you modify access rights to objects, you must consider the security ramifications of the changes that you make.
You can configure security settings for each object that the program may access. To configure security settings, modify the Access Control settings of the object, or use the Dsacls.exe tool that is located in the Windows 2000 Support folder on the Windows 2000 Server CD-ROM. For pre-Windows 2000 programs, use the Application Compatibility tool, Apcompat.exe.
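As an added example (not from the original article), the following batch sequence uses Dsacls.exe to grant the Everyone group Read on a single organizational unit rather than on the whole directory, then verifies the change and shows how to revert it. The distinguished name is a placeholder, and the Support Tools are assumed to be installed and on the PATH.

```bat
@echo off
rem Added example, not from the original article.
rem TARGET is a placeholder DN (assumption): the one OU that the
rem anonymously bound LDAP program needs to read.
set TARGET=OU=PublicDirectory,DC=example,DC=com

rem 1. Save the current ACL so the change can be reviewed and reversed.
dsacls "%TARGET%" > acl-before.txt

rem 2. Grant Everyone generic read (GR) on this OU and its child
rem    objects (/I:T) instead of granting it at the domain root.
dsacls "%TARGET%" /G Everyone:GR /I:T

rem 3. List the entries that now name Everyone.
dsacls "%TARGET%" | findstr /i "Everyone"

rem Rollback: /R removes all permissions for Everyone on this OU,
rem including any that existed before step 2 (compare acl-before.txt).
rem dsacls "%TARGET%" /R Everyone
```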
REFERENCES
For additional information about how to edit the access control list (ACL) of an Active Directory object, see the following article in the Microsoft Knowledge Base:
218596 HOW TO: Assign Access Control Permissions on the Properties of an Active Directory Object
For additional information about the Dsacls.exe tool, see the following article in the Microsoft Knowledge Base:
281146 How to Use Dsacls.exe in Windows 2000
For additional information about the Apcompat.exe tool, see the following article in the Microsoft Knowledge Base:
251062 Description of the Application Compatibility Tool
Keywords: kbprb KB247118