Azure AD DS Sync Account Permissions – Replicating Directory Changes

Microsoft has a decent outline for getting started with setup of the Azure AD Sync tool. One of the prerequisites is to prepare the AD account used for password synchronization by granting it the “Replicating Directory Changes” and “Replicating Directory Changes All” permissions. This blog post serves as a quick guide on how to configure that.

1.  Within ADUC, right-click on the domain and select Delegate Control

2.  Click Next

3.  Add the AD service account that will be used

4.  Select to create a custom task delegation

5.  Select to delegate to This folder…

6.  Scroll through the list and find both “Replicating Directory Changes” and “Replicating Directory Changes All”

7.  Finally, complete the wizard
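
The same delegation can be scripted and then checked. The following is an added example, not part of the original walkthrough: it grants both rights on the domain root with `dsacls` and then lists every principal that holds them, since these rights let the holder read password data through replication. The account name `CONTOSO\svc-aadsync` is a placeholder, and the script assumes the ActiveDirectory module (RSAT) and Domain Admin rights.

```powershell
# Added example: scripted equivalent of wizard steps 1-7, plus an audit of the result.
# Assumption: 'CONTOSO\svc-aadsync' is a placeholder for your sync service account.
Import-Module ActiveDirectory

$account  = 'CONTOSO\svc-aadsync'
$domainDN = (Get-ADDomain).DistinguishedName

# rightsGuid values of the two control-access (extended) rights
$rights = @{
    '1131f6aa-9c07-11d1-f79f-00c04fc2dcd2' = 'Replicating Directory Changes'
    '1131f6ad-9c07-11d1-f79f-00c04fc2dcd2' = 'Replicating Directory Changes All'
}

# Grant both rights on the domain root (CA = control access)
foreach ($name in $rights.Values) {
    dsacls.exe $domainDN /G "${account}:CA;$name" | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "dsacls failed while granting '$name'" }
}

# Audit: every Allow ACE on the domain root that carries either right.
# An ExtendedRight ACE with an empty ObjectType grants all extended rights,
# so it is reported as well.
$extended = [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight
$holders = (Get-Acl -Path "AD:\$domainDN").Access | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    ($_.ActiveDirectoryRights -band $extended) -and
    ($rights.ContainsKey($_.ObjectType.ToString()) -or $_.ObjectType -eq [guid]::Empty)
} | Select-Object IdentityReference, IsInherited, @{ n = 'Right'; e = {
    if ($_.ObjectType -eq [guid]::Empty) { 'All extended rights' }
    else { $rights[$_.ObjectType.ToString()] }
} }

$holders | Sort-Object Right, IdentityReference | Format-Table -AutoSize

# Confirm the sync account ended up with both named rights
$granted = @($holders |
    Where-Object { $_.IdentityReference.Value -eq $account -and $_.Right -ne 'All extended rights' } |
    Select-Object -ExpandProperty Right -Unique)
if ($granted.Count -ne $rights.Count) {
    Write-Warning "$account does not hold both replication rights on $domainDN"
}
```

Any principal in the audit output other than the sync account and the built-in domain controller and administrator groups is worth reviewing.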

One thought on “Azure AD DS Sync Account Permissions – Replicating Directory Changes”

    Andy Wilson said:
    November 9, 2015 at 3:46 am

    Why doesn’t Microsoft configure this for us, who knows.. Thanks heaps! Exactly what I was looking for!
