This article details the required permissions for configuring the Azure BackSync in the Active Roles Synchronization Service.
1) As stated in SyncService Admin guide: For Office 365 connector and the Azure AD connector configuration Global Administrator role is required.
Reference:
Active Roles 7.4.5 - Synchronization Service Administration Guide (Creating a Microsoft Office 365 connection)
Active Roles 7.4.5 - Synchronization Service Administration Guide (Creating a Microsoft Azure Active Directory connection)
2) For BackSync configuration and operation following minimum permissions are required.
Reference:
Active Roles 7.4.5 - Synchronization Service Administration (Configure Azure Backsync)
NOTE:
a) User administrator
b) Privileged role administrator
c) Exchange administrator
d) Application administrator
$psCred=Get-Credential
Connect-AzureAD -Credential $psCred
$roleTemplate = Get-AzureADDirectoryRoleTemplate | ? { $_.DisplayName -eq "Directory Writers" }
# Enable an instance of the DirectoryRole template
Enable-AzureADDirectoryRole -RoleTemplateId $roleTemplate.ObjectId
© 2025 One Identity LLC. ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center