Discussion:
change the seventh character of dsheuristics attribute
Guicormu
2005-10-21 06:49:06 UTC
Hello:

I need to use anonymous LDAP operations in Windows Server 2003 but I have
seen:

By default, anonymous LDAP operations to Active Directory, other than
rootDSE searches and binds, are not permitted in Windows Server 2003. (Active
Directory in Windows 2000 Server accepts anonymous requests; a successful
result depends on objects having correct user permissions in Active
Directory.)

To enable anonymous binding to Active Directory in Windows Server 2003, you
must change the seventh character of the dsHeuristics attribute on the
following directory object:

CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,Root domain
in forest

Valid values for the dsHeuristics attribute are 0 and 2. By default, the
dsHeuristics attribute does not exist, but its internal default is 0. If you
set the seventh character to 2, anonymous clients can perform any operation
that is permitted by the access control list (ACL).


Could you help me to create this attribute?

I have adsiedit for it.

Thanks to all.

Bye
Paul Williams [MVP]
2005-10-22 09:29:35 UTC
The following script will enable anonymous LDAP for you:
--
http://rallenhome.com/books/adcookbook/src/14.03-enable_anonymous_access.vbs.txt
--
Paul Williams
Microsoft MVP - Windows Server - Directory Services
http://www.msresource.net | http://forums.msresource.net
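
An added example, not part of the thread and not the linked script: an offline Python check that reads the seventh character of a dsHeuristics value and builds a new value that changes only that character, covering the case from the quoted documentation where the attribute does not exist. The function names and sample values are constructed for illustration, and padding the earlier positions with "0" is an assumption.

```python
# Added example: inspect and rewrite the seventh character of dsHeuristics.
# Sample values below are constructed, not read from a real forest.

ANON_POSITION = 7  # 1-based position named in the quoted documentation

# The two values the quoted documentation lists as valid for this position.
MEANING = {
    "0": "anonymous operations limited to rootDSE searches and binds",
    "2": "anonymous clients can perform any operation the ACL permits",
}


def anonymous_setting(ds_heuristics):
    """Return the effective seventh character of a dsHeuristics value.

    An unset attribute (None or "") or a value shorter than seven
    characters falls back to the internal default "0".
    """
    value = ds_heuristics or ""
    if len(value) < ANON_POSITION:
        return "0"
    return value[ANON_POSITION - 1]


def with_anonymous_setting(ds_heuristics, flag):
    """Return a dsHeuristics string with only the seventh character changed."""
    if flag not in MEANING:
        raise ValueError("seventh character must be '0' or '2'")
    value = ds_heuristics or ""
    # Assumption: positions that were never set behave as "0", so a short
    # or missing value is padded with "0" up to the seventh position.
    padded = value.ljust(ANON_POSITION, "0")
    return padded[:ANON_POSITION - 1] + flag + padded[ANON_POSITION:]


def audit(ds_heuristics):
    """Return (flag, description) for reporting on the current setting."""
    flag = anonymous_setting(ds_heuristics)
    return flag, MEANING.get(flag, "unexpected value, review manually")


if __name__ == "__main__":
    for sample in (None, "001", "0000002", "0000002001"):  # constructed
        flag, text = audit(sample)
        print(repr(sample), "->", flag, "-", text)
        print("  restored to default:", with_anonymous_setting(sample, "0"))
```

Characters after the seventh position are preserved unchanged, so other settings stored in the same attribute are not overwritten when this one is audited or reset.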