To set up Active Directory Integration, you can use a Domain Admin account, or set up a new user in AD with the following permissions for the ADI Sync setup:
- read all user information
- read all inetOrgPerson information
The instructions below show how to create an AD user with the necessary Read permissions:
1. Open Active Directory. Right-click on your domain and select Delegate Control.
2. Add the ADI service account (created previously).
3. Grant the following tasks:
   - Read all user information
   - Read all inetOrgPerson
4. Finally, you will need to reconfigure your ADI sync service if you want to use your new AD service account with ADI. To change the specified user:
   - Browse to the \ADIsync folder and delete the file named: <domain>.dat
   - Then, open an elevated CMD and browse to the \ADIsync folder, and then type: ADIsync.exe config
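
To confirm that the delegation in steps 1 to 3 gave the service account read access only, the following added PowerShell example (not part of the original instructions or of the ADI product) audits the account on the domain object. It assumes the ActiveDirectory module (RSAT) is installed and uses a hypothetical account name, `svc-adisync`.

```powershell
# Added example: audit the ADI service account after delegation (read-only checks).
Import-Module ActiveDirectory
Add-Type -AssemblyName System.DirectoryServices

$AccountName = 'svc-adisync'   # hypothetical sAMAccountName; replace with your account

$svc      = Get-ADUser -Identity $AccountName
$rootDse  = Get-ADRootDSE
$domainDN = $rootDse.defaultNamingContext

# Resolve the schema GUIDs of the two object classes the delegation targets.
$classGuid = @{}
foreach ($class in 'user', 'inetOrgPerson') {
    $schemaObj = Get-ADObject -SearchBase $rootDse.schemaNamingContext `
        -LDAPFilter "(lDAPDisplayName=$class)" -Properties schemaIDGUID
    $classGuid[$class] = [guid]$schemaObj.schemaIDGUID
}

# Check 1: direct membership in Domain Admins (RID 512) or Enterprise Admins (RID 519).
$privileged = Get-ADPrincipalGroupMembership -Identity $svc |
    Where-Object { $_.SID.Value -match '-(512|519)$' }

# Check 2: Allow ACEs granted directly to the account on the domain object.
$acl  = Get-Acl -Path "AD:\$domainDN"
$aces = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier]) |
    Where-Object { $_.IdentityReference.Value -eq $svc.SID.Value -and
                   $_.AccessControlType -eq 'Allow' }

$readProp = [int][System.DirectoryServices.ActiveDirectoryRights]::ReadProperty
$readMask = [int][System.DirectoryServices.ActiveDirectoryRights]::GenericRead

foreach ($class in $classGuid.Keys) {
    $found = $aces | Where-Object {
        $_.InheritedObjectType -eq $classGuid[$class] -and
        ([int]$_.ActiveDirectoryRights -band $readProp)
    }
    '{0,-14} read ACE present: {1}' -f $class, [bool]$found
}

# Any right outside the GenericRead bits is a non-read right the sync account does not need.
$excess = $aces | Where-Object { [int]$_.ActiveDirectoryRights -band (-bnot $readMask) }

if ($privileged) { Write-Warning "Member of: $($privileged.Name -join ', ')" }
if ($excess) {
    Write-Warning 'Non-read rights granted to the account on the domain object:'
    $excess | Format-Table ActiveDirectoryRights, ObjectType, InheritedObjectType, IsInherited
}
```

The script only reads directory data. It covers ACEs and group memberships assigned directly to the account, so rights inherited through nested groups need a separate review.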