LDAP bind account

I have an account specifically for LDAP bind. It is not able to log in locally for security reasons. It is not in the default “Users” group in AD.

It appears that membership in the default Users group is required somehow? Does anyone know why?

I have checked the security permissions on the OU that contains employees' accounts and Authenticated Users have read access. So wouldn't any account that has a valid login to AD be able to read the information? If so, then why wouldn't that account be able to return accounts from LDAP?

Thanks,

Jesse.
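An added diagnostic for the situation described above (example code, not part of the original post and not from any particular vendor). It checks the three things a defender would want to confirm before blaming group membership: the bind account's primary group and memberOf, the ACEs on the employee OU that grant read to Authenticated Users, and an actual bind-plus-search performed as the bind account itself. The account name, OU distinguished name, domain controller and domain NetBIOS name are hypothetical placeholders; it assumes the RSAT ActiveDirectory module is installed.

```powershell
# Added diagnostic, not from the original post. All names below are placeholders.
$BindAccount      = 'svc-ldap-bind'                    # hypothetical sAMAccountName
$EmployeeOU       = 'OU=Employees,DC=example,DC=com'   # hypothetical OU DN
$DomainController = 'dc01.example.com'                 # hypothetical DC FQDN
$DomainNetBIOS    = 'EXAMPLE'                          # hypothetical NetBIOS name

Import-Module ActiveDirectory

# 1. Group membership. memberOf never lists the primary group, so read
#    primaryGroupID too (RID 513 is Domain Users). An account whose primary
#    group was changed so it could be removed from Domain Users will show a
#    different RID here.
$user = Get-ADUser -Identity $BindAccount -Properties memberOf, primaryGroupID
"Primary group RID: $($user.primaryGroupID)"
$user.memberOf | ForEach-Object { "memberOf: $_" }

# 2. ACEs on the OU for Authenticated Users and for the
#    "Pre-Windows 2000 Compatible Access" group, which is where much of the
#    default read access to user attributes actually comes from.
$acl = Get-Acl -Path "AD:\$EmployeeOU"
$acl.Access |
    Where-Object {
        $_.IdentityReference -like '*Authenticated Users*' -or
        $_.IdentityReference -like '*Pre-Windows 2000*'
    } |
    Select-Object IdentityReference, ActiveDirectoryRights, AccessControlType,
                  IsInherited, InheritanceType |
    Format-Table -AutoSize

# 3. Bind and search as the service account itself, so the result reflects
#    that account's effective rights rather than the admin running the script.
Add-Type -AssemblyName System.DirectoryServices.Protocols
$cred = Get-Credential -UserName "$DomainNetBIOS\$BindAccount" -Message 'Bind account password'
$conn = New-Object System.DirectoryServices.Protocols.LdapConnection($DomainController)
$conn.AuthType    = [System.DirectoryServices.Protocols.AuthType]::Negotiate
$conn.Credential  = $cred.GetNetworkCredential()
try {
    $conn.Bind()
    $req  = New-Object System.DirectoryServices.Protocols.SearchRequest(
                $EmployeeOU, '(objectClass=user)', 'Subtree', @('sAMAccountName'))
    $resp = $conn.SendRequest($req)
    "Bind OK; search returned $($resp.Entries.Count) entries (ResultCode: $($resp.ResultCode))"
} catch {
    "Bind or search failed: $($_.Exception.Message)"
}
```

Reading the output: if step 3 binds but returns zero entries while step 2 shows a read ACE for Authenticated Users, the access the account is missing is usually on the user objects themselves rather than on the OU container, so repeat the ACL check against one employee object. If step 3 fails at Bind, the problem is authentication (logon restrictions, password, or the account's allowed workstations), not LDAP read permissions.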