>Hi,
>
>A customer and I are discussing the access of my VFP application to their Active Directory. He asked me the following question:
>
>"Will you be using your own user name you have on the domain to run queries on LDAP?"
>
>What is a better practice as far as the application accessing the AD?
Shouldn't the app be automatically doing everything under the account under which it's run? IOW, whatever your app does, is what the user, who runs it, does. So all the permissions, event log entries etc are that user's.
Anything else would be impersonation, which may be OK but that would have to be agreed with each local cerberus, so probably not worthwhile.