-
标题
Minimum permissions for the Active Roles Sync Service Account to run BackSync operation -
说明
There is a requirement to apply minimum permissions to successfully run the ARS Sync Backsync operation.
-
解决办法
Status:
The Active Roles product team has raised Enhancement Request #487554 to include a builtin ACL in a future version of Active Roles.Workaround:
To ensure that back synchronization works as expected, the following is required:1.- Local administrator privileges where Active Roles Synchronization Service is running.
2.- Write permissions for edsvaAzureOffice365Enabled, edsaAzureContactObjectId, edsvaAzureObjectID, and edsvaAzureAssociatedTenantId attributes:
Note that this ACL needs to be applied at the root level, for discovery and enumeration. Or, break up into two ACLs, Read and Write permissions, and add Read at the root level with Write at the specific containers.