Your company's ad could live here and reach over 50,000 people a month!

Share This Post

Azure

Azure AD DS Sync Account Permissions – Replicating Directory Changes

Microsoft has a decent outline for getting started with setup of the Azure AD Sync tool.  One of the prerequisites is to prepare the AD account used for the synchronization of passwords is to grant it permissions for “Replicating Directory Changes” and “Replicating Directory Changes All”.  This blog post serves as a quick guide on how to configure that.

1.  Within ADUC, right-click on the domain and select Delegate Control

azuresync1

2.  Click Next

azuresync2

3.  Add the AD service account that will be used

azuresync3

4.  Select to create a custom task delegation

azuresync4

5.  Select to delegate to This folder…

azuresync5

6.  Scroll through the list and find both “Replicating Directory Changes” and “Replicating Directory Changes All”

azuresync6

7.  Finally, complete the wizard

azuresync7

Filed under: Azure

Share This Post

Leave a Reply