Any user which can authenticate (any valid Domain User), and has read permissions will be able to see the AD.
In theory, therefore if you create a basic, can do nothing user they will be able to do the job.
The user I authenticate OA with as well as being a Domain User, is also a member of the Windows Authorisation Access Group, but this may not be necessary in all cases.
_________________ Andrew
[size=85]OA Server: Windows XP/ XAMPP, Mandriva/Apache, Ubuntu Auditing: 300+ Wstns, 20+ Srvrs, Thin clients, Linux boxes, Routers, etc OS's: Windows XP , W2K Srvr, W2K3 Srvr, W2K8, Vista, Windows 7, Linuxes (and a Mac at home) LDAP: Active Directory[/size]
|