Table of Contents
The following permissions are required for the SecureAnyBox LDAP Agent in Microsoft Active Directory.
They must be applied to the OU where managed users reside and to the group that defines which accounts are to be managed.
1. Permissions on the OU (with inheritance to User objects ) #
Permissions for User objects
Property permissions (Read):
- Read general information
- Read mail information
- Read objectClass
Extended permissions:
- Reset password
2. Permissions on the Group object #
(or on the OU, with inheritance to Group objects )
- Read member (alternatively: Read all properties)
- Read permissions
