Active directory roles: difference between users and readers

What are the exact differences between users and readers in the active directory roles. I assume that users can modify certain things while readers are 'read-only', but i'd like to verify so that a) I don't forget any important details, and b) that my assumption is correct

Solution

There's no such thing as a Reader role in AD out of the box. Are you perhaps looking at AD LDS or ADAM? ...

OK so out of the box AD LDS/ADAM has no read permissions (unlike AD). If you're in the "Reader" role, you can see everything in that partition. If you want more granular permissions, you'll want to use something like LDP to create those ACLs.

Get Notes field from Get-ADGroup
PowerShell - Return an array of all possible properties for an ADObject
Enable/Disable AD user with LDAP
Get-ADUser -Filter using Variable Array
Remove-AdObject with Import-CSV error
Error 0x80005000 and DirectoryServices
Windows PowerShell error when attempting to bulk edit the Cost Center (costCenter) attribute
Powershell - Exporting MemberOf to csv file from active directory
powerShell Set-acl strange error : there is not enough space on the disk
How can I get all groups a user belongs to using Okta's API?
How do you use Active Directory in a "hosted solution"?
What does systemFlags:1.2.840.113556.1.4.803:=2 mean in ldap?
PowerShell LDAPFilter multiple conditions
How to get ALL AD user groups (recursively) with Powershell or other tools?
Using powershell, how can I extract the OU path for a computer currently in AD?
Ldap simple user search return LDAP: error code 53 - Unwilling to process the unindexed search operation
Authenticating with Active Directory using user log-on name instead of display name
Does usn increases if a bind happens in Active Directory?
samba-tool GPO scripts
How to create a ldap BIND_DN for samba active directory
.NET 5 Blazor Server AD Group Authorization issue
Logon Batch Script Running for Standard Users but not Admins
What are CN, OU, DC in an LDAP search?
PHP LDAP query to get members of specific security Group
How to authenticate User Credentials against AD from Android Java
Is there any way to get VBA to get the current user's Full Name from a Windows user account without using CMD?
LDAP Query via Windows CMD
powershell foreach-object parallel - Not all properties of piped in object are available
VBScript: Using WScript.Shell to Execute a Command Line Program That Accesses Active Directory
Getting Active Directory "SecurityDescriptor" attribute in .net core on linux machine