Limit Active Directory property access

20 September 2023 Active Directory Robert Muehsig

Be aware: I’m not a full time administrator and this post might sound stupid to you.

The Problem

We access certain Active Directory properties with our application and on one customer domain we couldn’t get any data out via our Active Directory component.

Solution

After some debugging and doubts about our functionality we (the admin of the customer and me) found the reason: Our code was running under a Windows Account that was very limted and couldn’t read those properties.

If you have similar problems you might want to take a look in the AD User & Group management.

  1. You need to active the advanced features:

x

  1. Now check the security tab, go to advanced view and add a new permission or change a existing one:

x

  1. Here you should be able to see a huge dialog with all available properties. Check if your user is able to read your target property

x

Hope this helps!

Written by Robert Muehsig

Software Developer - from Saxony, Germany - working on primedocs.io. Microsoft MVP & Web Geek.
Other Projects: KnowYourStack.com | ExpensiveMeeting | EinKofferVollerReisen.de