![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(41.6, 57.00000000000001%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVJ%3C/text%3E%3C/svg%3E)
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
12,124 questions
By default, all users can enumerate accounts in AD. There are no specific permissions to grant (unless there was some heavy customization done by the AD admins).
In your case, the issue might not be with the permissions of your account on AD, but the privilege your account has on the local system.
Could you open the security event log of the machine on whch you are trying and see if you find event 4625 indicating a failed logon for that account? Even if you have typed the right password, an failed logon event 4625 will be logged if that's in fact a privilege issue on the machine (well of course if the right auditing is in place, but let's see).
There are other potential factors (such as trust configuration, and domain controller security settings), but let's check the obvious first.
