Re: Access Control to LDAP on AD?
From: Roger Abell [MVP] (mvpNoSpam_at_asu.edu)
Date: 10/15/05
- Next message: Roger Abell [MVP]: "Re: W2K netstat detects port 1433 is listenning but fport does NOT..., can't start mission critical sql server !!!"
- Previous message: Peter Foldes: "Re: W2K netstat detects port 1433 is listenning but fport does NOT..., can't start mission critical sql server !!!"
- In reply to: -: "Access Control to LDAP on AD?"
- Next in thread: -: "Re: Access Control to LDAP on AD?"
- Reply: -: "Re: Access Control to LDAP on AD?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 14 Oct 2005 22:17:54 -0700
I believe you cannot realistically do that, as an account will at times
be issuing LDAP queries, behind the scenes, sometimes against
the GCs, just to function as a domain client. Also, not all LDAP
queries are authenticated queries, so if your objective is to
avoid a potential DoS from malicious queries, they may try to
side-step your efforts using unauthenticated binds if they are
allowed to communicate with the LDAP and GC LDAP ports.
--
Roger Abell
Microsoft MVP (Windows Server : Security)
MCDBA, MCSE W2k3+W2k+Nt4

<-> wrote in message news:uL$IzaS0FHA.3188@TK2MSFTNGP14.phx.gbl...
> Is there a way to block certain user accounts from performing LDAP queries
> on Active Directory?
>
> If anyone could let me know I would be most appreciative.
>
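
Added example (not part of the original post or of any Microsoft tooling): to see whether clients are reaching the LDAP or GC ports without credentials, a monitor can decode each BindRequest and separate anonymous and unauthenticated simple binds from credentialed ones. The function names and the sample PDUs are constructed for illustration; the encoding follows RFC 4511 and the anonymous/unauthenticated terms follow RFC 4513.

```python
# Added example: classify LDAP BindRequest PDUs by authentication type.
# Encoding per RFC 4511; sample PDUs are constructed, not captured traffic.

def _tlv(buf, pos):
    """Read one BER TLV at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long-form length
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated BER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated BER value")
    return tag, buf[pos:pos + length], pos + length

def classify_bind(pdu):
    """Return (kind, bind_dn); kind is None when the PDU is not a bind."""
    tag, msg, _ = _tlv(pdu, 0)
    if tag != 0x30:                         # LDAPMessage SEQUENCE
        raise ValueError("not an LDAPMessage")
    _, _msg_id, pos = _tlv(msg, 0)          # messageID
    op_tag, op, _ = _tlv(msg, pos)
    if op_tag != 0x60:                      # [APPLICATION 0] BindRequest
        return None, None
    _, _version, pos = _tlv(op, 0)
    _, name, pos = _tlv(op, pos)            # bind DN, may be empty
    auth_tag, cred, _ = _tlv(op, pos)
    dn = name.decode("utf-8", "replace")
    if auth_tag == 0xA3:                    # sasl [3]
        return "sasl", dn
    if auth_tag != 0x80:                    # simple [0]
        raise ValueError("unknown authentication choice")
    if cred:
        return "simple", dn
    # Empty password: no credentials were actually verified.
    return ("anonymous" if not name else "unauthenticated"), dn

SAMPLES = {  # constructed PDUs
    "anon":   bytes.fromhex("300c020101600702010304008000"),
    "unauth": bytes.fromhex("3012020102600d020103" "0406636e3d737663" "8000"),
    "simple": bytes.fromhex("3014020103600f020103" "0406636e3d737663" "80027077"),
    "sasl":   bytes.fromhex("3014020104600f020103" "0400" "a3080406475353415049"),
    "unbind": bytes.fromhex("30050201054200"),
}

if __name__ == "__main__":
    for label, pdu in SAMPLES.items():
        print(label, classify_bind(pdu))
```

The "unauthenticated" case (a DN with an empty password) is worth counting separately from "anonymous", since it names an account while proving nothing about the caller.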