Posted by Roger Abell [MVP] on October 15, 2005, 1:17 am
I believe you cannot realistically do that, as an account will at times
be issuing LDAP queries, behind the scenes, sometimes against
the GCs, just to function as a domain client. Also, not all LDAP
queries are authenticated queries, so if your objective is to
avoid a potential DoS from malicious queries, they may try to
side-step your efforts using unauthenticated binds if they are
allowed to communicate with the LDAP and GC LDAP ports.
--
Roger Abell
Microsoft MVP (Windows Server : Security)
MCDBA, MCSE W2k3+W2k+Nt4
> Is there a way to block certain user accounts from performing LDAP queries
> on Active Directory?
>
> If anyone could let me know I would be most appreciative.
>