I want to create a User in AD on Server 2003 that I can use to specify in authenticators to bind to AD that would have read-only attributes to the Users directory. I’ve been using the administrator account, but IU would rather have a more limited User in place. What permissions would this User need to be able to do that?