Setting the Default Domain Policy

At the domain level, make sure that the Default Domain policy allows all authenticated users to have Read rights to All Properties.

  1. Expand Active Directory Users and Computers, right-click the domain name, then select Properties.

  2. Select the Group Policy tab, click Properties, then select the Security tab.

  3. Click Advanced.

  4. Select Authenticated Users Special, then click View/Edit.

  5. Under the Allow column, verify that the Read All Properties check box is checked.

    The following figure illustrates this check box:


    The Read All Properties check box
  6. Click OK.