Security and privacy

 
 
Russell Waldron
Re: Company demanding domain access - connect as
 

Keith, the minimum permission needed to write in that field in YOUR AD is domain admin. [MSDN]

Yes, action with domain admin accounts must be risk-managed. 

That field is normally fairly static information for humans. It sounds like you are harvesting manually updated data from Moodle and putting it into AD. Is it acceptable to update that field daily, instead of instantly? Can the company supply a daily text file of changed ID data? Would you be prepared to schedule a PowerShell script nightly to insert that into your AD? Would you be any more reliable/trustworthy than the Company?

 

Good luck

 

Russell

 
Average of ratings: -