I have a working AD LDS instance that acts as a proxy to AD. For users that are members of the LDS Administrators and Readers groups, I can successfully authenticate and search the LDS instance. For a user in the Users role/group, the searches fail. So I want to investigate how permissions work on LDS roles.
I logged into my LDS box as the domain admin and attempted to run the following cmds to view permissions:
dsacls \\localhost:50005\DC=xxx,DC=COM
It did not work either with the hostname, FQDN or IP address.
I get:
The specified server cannot perform the requested operation.
The command failed to complete successfully.
How can I view permissions? How can I figure out which permission is allowing Admins and Readers to search the LDS instance that the Users role does not have?
Thanks
leo