NateAnderson-3851 asked sikumars commented

What are the permissions needed for AADDS LDAP bind?

Hello,

The documentation I found about setting up LDAPS with AADDS doesn't mention anything about the permissions required to perform an LDAP bind. These are the requirements I extracted from https://docs.microsoft.com/en-us/azure/active-directory-domain-services/tutorial-configure-ldaps:

  • Users (and service accounts) can't perform LDAP simple binds if you have disabled NTLM password hash synchronization on your managed domain.

  • Provide the credentials of a user account that belongs to the managed domain.

As far as I can tell, using the credentials of any user that belongs to the domain doesn't work, even after confirming that NTLM password hash synchronization is configured. An LDAP bind as tested with the LDAP.exe tool continued to fail with invalid credentials until the user was added to the "AAD DC Administrators" group in Azure AD.

What are the minimal permissions for an LDAP bind with AADDS? I found other questions in this forum with the same problem, but I can't find a solution.

azure-active-directory

1 Answer

LoganMabe-2649 answered sikumars commented

You do not have to be a member of the AAD DC group.
Any authenticated user can bind to AD.
No special permissions are needed, but the user needs to be synced to the AAD DS domain.


Hello @NateAnderson-3851,

Just checking in to see if the below answer helped. If this answers your query, please don’t forget to click "Accept the answer" and Up-Vote for the same, which might be beneficial to other community members reading this thread. And if you have any further queries, do let us know.

Thanks,

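The bind test discussed in this thread, as an added example that is not part of the original posts or of Microsoft's documentation: a PowerShell function that performs an LDAPS simple bind as an ordinary synced user and decodes the Active Directory sub-code behind an "invalid credentials" (result 49) failure. The function names, the host name in the usage comment, and the assumption that the managed domain returns the standard AD DS `data` sub-codes in its server error message are mine.

```powershell
# Added example: LDAPS simple bind check that explains why a bind was rejected.
Add-Type -AssemblyName System.DirectoryServices.Protocols

# Standard AD DS sub-codes that accompany LDAP result 49 (invalidCredentials).
$BindSubCodes = @{
    '525' = 'user not found in the directory'
    '52e' = 'invalid credentials (bad password)'
    '530' = 'logon not permitted at this time'
    '531' = 'logon not permitted from this workstation'
    '532' = 'password expired'
    '533' = 'account disabled'
    '701' = 'account expired'
    '773' = 'user must reset password'
    '775' = 'account locked out'
}

function Test-LdapsSimpleBind {
    param(
        [Parameter(Mandatory)] [string]       $Server,      # secure LDAP host name
        [Parameter(Mandatory)] [pscredential] $Credential,  # UPN form: user@domain
        [int] $Port = 636
    )
    $id   = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier($Server, $Port)
    $conn = New-Object System.DirectoryServices.Protocols.LdapConnection($id)
    $conn.SessionOptions.ProtocolVersion   = 3
    $conn.SessionOptions.SecureSocketLayer = $true          # TLS, so the password is not sent in clear text
    $conn.AuthType   = [System.DirectoryServices.Protocols.AuthType]::Basic   # simple bind
    $conn.Credential = New-Object System.Net.NetworkCredential($Credential.UserName, $Credential.Password)
    $result = [ordered]@{ Success = $false; ResultCode = $null; SubCode = $null; Meaning = $null; ServerMessage = $null }
    try {
        $conn.Bind()
        $result.Success = $true
    } catch {
        $e = $_.Exception.GetBaseException()
        if ($e -is [System.DirectoryServices.Protocols.LdapException]) {
            $result.ResultCode    = $e.ErrorCode             # 49 = invalid credentials
            $result.ServerMessage = $e.ServerErrorMessage
            # AD appends "data <hex>" to the message, e.g. "... data 52e, v2580"
            if ($e.ServerErrorMessage -match 'data\s+([0-9a-fA-F]+)') {
                $result.SubCode = $Matches[1].ToLower()
                $result.Meaning = $BindSubCodes[$result.SubCode]
            }
        } else { $result.ServerMessage = $e.Message }        # e.g. TLS or name resolution failure
    } finally { $conn.Dispose() }
    [pscustomobject]$result
}
# Usage (placeholder host): Test-LdapsSimpleBind -Server 'ldaps.example.com' -Credential (Get-Credential)
```

Running it once with a regular synced account and once with a member of "AAD DC Administrators" shows whether the two binds fail with the same sub-code.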