Permissions for accessing ADAM (Active Directory for Application Mode)

To let an application access the ADAM partitions, grant the following permissions using ADSI-Edit and AzMan:

1. In ADSI-Edit, open the Roles container of your ADAM partition and find Readers inside it. Edit the "members" attribute of Readers and add the AD groups and users that will run your application or, for an IIS-hosted application, the Application Pool identity that runs the worker process. This gives them access to the ADAM partition.

2. In Authorization Manager, right-click your store, click Properties, and go to the Security tab. Select the Reader role and add the same AD users and groups you added in step 1. This gives them permission to call AccessCheck.
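
The same two grants can be scripted and then listed for review. This is an added example, not part of the original page. The server, the partition DN, the store DN and the account names are constructed placeholders, and the script assumes it runs under an account that administers both the ADAM partition and the AzMan store.

```powershell
# Constructed sample values (assumptions, not from the original page).
$AdamServer  = 'localhost:389'                                   # ADAM host:port
$PartitionDn = 'O=MyApp'                                         # application partition
$AzManUrl    = "msldap://$AdamServer/CN=AzManStore,$PartitionDn" # AzMan store in ADAM
$Principals  = @('CONTOSO\MyAppUsers', 'CONTOSO\svc-myapp')      # who runs the app

# Step 1 target: the Readers group in the partition's Roles container.
$readers = [ADSI]"LDAP://$AdamServer/CN=Readers,CN=Roles,$PartitionDn"
$members = $readers.Properties['member']

# Step 2 target: the AzMan store (flags 0 = open an existing store).
$store = New-Object -ComObject AzRoles.AzAuthorizationStore
$store.Initialize(0, $AzManUrl)

foreach ($name in $Principals) {
    # Resolve the Windows account to its SID; this throws if the name is unknown,
    # so a typo cannot silently grant access to the wrong principal.
    $sid = ([System.Security.Principal.NTAccount]$name).Translate(
        [System.Security.Principal.SecurityIdentifier]).Value

    # ADAM stores Windows principals as CN=<SID>,CN=ForeignSecurityPrincipals,...
    $inAdam = @($members | Where-Object { $_ -like "CN=$sid,*" }).Count -gt 0
    if (-not $inAdam) {
        [void]$members.Add("<SID=$sid>")   # the <SID=...> form binds a Windows principal
    }

    # The AzMan Reader role is the store's policy-reader list (SIDs in text form).
    if (@($store.PolicyReaders) -notcontains $sid) {
        $store.AddPolicyReader($sid)
    }
}

# Persist both changes.
$readers.CommitChanges()
$store.Submit()

# Review the resulting grants: both lists should contain only the intended principals.
$readers.RefreshCache()
$readers.Properties['member'] | ForEach-Object { "ADAM Readers member: $_" }
@($store.PolicyReaders)       | ForEach-Object { "AzMan policy reader: $_" }
```

Both grants are read-only roles, so the final listing is the place to confirm that no broader group than intended ended up with access.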