What are the permissions needed for AADDS LDAP bind?

Hello,
The documentation I found about setting up LDAPS with AADDS doesn't mention anything about the permissions required to perform an LDAP bind. These are the requirements I extracted from https://learn.microsoft.com/en-us/azure/active-directory-domain-services/tutorial-configure-ldaps:
- Users (and service accounts) can't perform LDAP simple binds if you have disabled NTLM password hash synchronization on your managed domain.
- Provide the credentials of a user account that belongs to the managed domain.
As far as I can tell, using the credentials of any user that belongs to the domain doesn't work, even after confirming that NTLM password hash synchronization is configured. An LDAP bind as tested with the LDAP.exe tool continued to fail with invalid credentials until the user was added to the "AAD DC Administrators" group in Azure AD.
What are the minimal permissions for an LDAP bind with AADDS? I found other questions in this forum with the same problem, but I can't find a solution.

Microsoft Security | Microsoft Entra | Microsoft Entra ID

1 answer

Logan Mabe 1 Reputation point
2021-04-01T16:53:25.117+00:00

You do not have to be a member of the AAD DC group.
Any authenticated user can bind to AD.
No special permissions are needed, but the user needs to be synced to the AAD DS domain.
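Added example (not part of the question or the answer above): a standard-library-only LDAPv3 simple bind and BindResponse decoder, so that the "invalid credentials" reply can be inspected for the sub-code AD appends after "data" (52e covers both a wrong password and a user not yet synced to the managed domain, which is the case the answer describes). The host name passed to ldaps_bind and the sample reply bytes are assumptions constructed for the example.

```python
import re
import socket
import ssl
# Sub-codes that AD / AAD DS append to "invalid credentials" (resultCode 49).
AD_BIND_SUBCODES = {"525": "user not found", "52e": "bad password, or user not synced to the managed domain",
    "530": "logon time restriction", "532": "password expired", "533": "account disabled",
    "701": "account expired", "773": "user must reset password", "775": "account locked out"}

def _ber(tag: int, payload: bytes) -> bytes:
    """Encode one BER TLV (short form, or two-byte long form, is enough for a bind)."""
    n = len(payload)
    length = bytes([n]) if n < 0x80 else bytes([0x82, n >> 8, n & 0xFF])
    return bytes([tag]) + length + payload

def build_simple_bind(msg_id: int, user: str, password: str) -> bytes:
    """LDAPMessage { messageID, BindRequest [APPLICATION 0] { version 3, name, simple [0] } }."""
    bind = _ber(0x60, _ber(0x02, b"\x03") + _ber(0x04, user.encode()) + _ber(0x80, password.encode()))
    return _ber(0x30, _ber(0x02, bytes([msg_id])) + bind)

def _read_tlv(buf: bytes, pos: int):  # -> (tag, value, next_pos) for the TLV starting at pos
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:                                # long-form length
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + n], pos + n

def parse_bind_response(data: bytes) -> dict:
    """Decode resultCode, diagnosticMessage and the AD 'data NNN' sub-code of a BindResponse."""
    _, body, _ = _read_tlv(data, 0)             # outer LDAPMessage SEQUENCE
    _, mid, pos = _read_tlv(body, 0)            # messageID
    tag, resp, _ = _read_tlv(body, pos)         # BindResponse [APPLICATION 1]
    if tag != 0x61:
        raise ValueError(f"not a BindResponse, tag {tag:#x}")
    _, code, pos = _read_tlv(resp, 0)           # resultCode ENUMERATED
    _, _, pos = _read_tlv(resp, pos)            # matchedDN (ignored)
    _, diag, _ = _read_tlv(resp, pos)           # diagnosticMessage
    diag = diag.decode(errors="replace")
    m = re.search(r"data ([0-9a-f]+)", diag)
    sub = m.group(1) if m else None
    return {"message_id": int.from_bytes(mid, "big"), "result_code": int.from_bytes(code, "big"),
            "diagnostic": diag, "subcode": sub, "reason": AD_BIND_SUBCODES.get(sub, "")}

def ldaps_bind(host: str, user: str, password: str, port: int = 636) -> dict:
    """Send one simple bind over LDAPS and decode the reply (network call; host is an assumption)."""
    with socket.create_connection((host, port), timeout=10) as raw, ssl.create_default_context().wrap_socket(raw, server_hostname=host) as s:
        s.sendall(build_simple_bind(1, user, password))
        return parse_bind_response(s.recv(4096))

# Constructed sample reply (not captured from a real server): AD-style "invalid credentials, data 52e".
SAMPLE_FAIL = _ber(0x30, _ber(0x02, b"\x01") + _ber(0x61, _ber(0x0A, b"\x31") + _ber(0x04, b"") + _ber(
    0x04, b"80090308: LdapErr: DSID-0C09041C, comment: AcceptSecurityContext error, data 52e, v4563")))
```

Calling ldaps_bind("<managed-domain-ldaps-host>", "user@<domain>", "<password>") against a working managed domain returns result_code 0; a 49 with subcode 52e for a non-admin user is the symptom to check against password hash synchronization rather than group membership.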