Incomplete Sync of Active Directory Objects from Identity Manager when connecting via Active Roles
Description
When Identity Manager connects using a service account that is not an Active Roles Administrator, permissions that are sufficient for other Active Roles clients do not allow the Identity Manager connection to see all objects.
Cause
In addition to any other desired Access Templates, Identity Manager connections require "All Objects - Read All Properties" to be delegated to the root of the target Active Directory Domain.
Resolution
In the Active Roles Console, delegate access to the Identity Manager service account at the root of the Domain using the Access Template found at Configuration/Access Templates/Active Directory/All Objects - Read All Properties.