The service account used to run the Quest One Identity Manager Job Service on a Domain Controller already has all the necessary permissions in Active Directory.
How can the master data be configured for the domain so an additional username/password is not required?
Set the Authentication to Secure in Manager | Active Directory | Domains | YourDomain | ChangeMasterData | Synchronization
You can then remove the username and password from the login tab.
Addtional Information from http://msdn.microsoft.com/en-us/library/system.directoryservices.authenticationtypes.aspx
Secure - Requests secure authentication. When this flag is set, the WinNT provider uses NTLM to authenticate the client. Active Directory Domain Services uses Kerberos, and possibly NTLM, to authenticate the client. When the user name and password are a null reference (Nothing in Visual Basic), ADSI binds to the object using the security context of the calling thread, which is either the security context of the user account under which the application is running or of the client user account that the calling thread is impersonating.