Hi guys, quick question.
The account used for AD Import in UPA, does it need to be a member of the users group in AD?
I have an account that is in the service group in AD, a service account with replicate directory permission, but when I enter the account and pass and press to populate container I get invalid credentials. I know that the credentials are correct.
When I enter one of the SP users instead I can populate the container but the sync will not perform, because the user does not have replicate directory permission.
So, why can't I recognize an AD service account?
Hi,
It looks like you have already done the below but I would double check as it certainly seems to be permission related. Also double check by going into the security tab in AD and ensure that it is applied to all child objects.
For me this is because the account you are using to sync with has not been delegated rights within AD. So you could either right click the domain, delegate and choose the required permissions such as replicate directory changes. Or I think you could get away with just doing it on the OU that you need to import from.
Also remember that should you ever need to export from SharePoint to AD you will need to give the sync account further permissions.
Thanks
Henry
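
One way to confirm the delegation discussed in this thread is to read the ACL on the domain object and look for the "Replicating Directory Changes" right. This is an added example, not part of either post; it assumes the RSAT ActiveDirectory module is available, and `svc-spsync` is a placeholder account name.

```powershell
# Added example: check who holds "Replicating Directory Changes" on the domain root.
# Assumptions: RSAT ActiveDirectory module installed; 'svc-spsync' is a placeholder.
Import-Module ActiveDirectory

$SyncAccount = 'svc-spsync'   # placeholder sAMAccountName, replace with your sync account

# Control access right GUID for DS-Replication-Get-Changes ("Replicating Directory Changes")
$ReplGetChanges = [guid]'1131f6aa-9c07-11d1-f79f-00c04fc2dcd2'

$domainDN = (Get-ADDomain).DistinguishedName
$user     = Get-ADUser -Identity $SyncAccount -Properties tokenGroups

# SIDs that can carry the right for this account: its own SID plus every group SID in its token
$sids = @($user.SID.Value) + @($user.tokenGroups | ForEach-Object { $_.Value })

# Allow ACEs on the domain object that name this specific extended right.
# ACEs that grant all extended rights (empty ObjectType, e.g. full control) are not listed.
$aces = (Get-Acl -Path "AD:\$domainDN").Access | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    $_.ObjectType -eq $ReplGetChanges -and
    ($_.ActiveDirectoryRights -band [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight)
}

$report = foreach ($ace in $aces) {
    # Translate the trustee to a SID so it can be compared with the account's SIDs
    try   { $sid = $ace.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value }
    catch { $sid = $ace.IdentityReference.Value }   # unresolved trustees stay as shown in the ACL
    [pscustomobject]@{
        Trustee          = $ace.IdentityReference.Value
        Inherited        = $ace.IsInherited
        AppliesToAccount = $sids -contains $sid
    }
}

$report | Format-Table -AutoSize
if ($report.AppliesToAccount -contains $true) {
    "OK: $SyncAccount holds an explicit Replicating Directory Changes ACE on $domainDN"
} else {
    "MISSING: no explicit Replicating Directory Changes ACE for $SyncAccount on $domainDN"
}
```

The table also shows every other trustee holding this right on the domain, which is worth reviewing because the right allows reading replicated directory data.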