Creating an ADI Service Account in Active Directory

To set up Active Directory Integration, you must use a Domain Admin account, or set up a new user in AD with the following permissions for the ADI Sync setup:

• read all user information
• read all inetOrgPerson information

Below are instructions showing how to create an AD User with necessary read permissions:

1. Open Active Directory. Right-click on your domain and select Delegate Control.
   
   
   
   
2. On the Delegation of Control Wizard, add your ADI Service account (created previously).
   
   
   
   
3. Delegate the following Tasks:
1. Read all user information
2. Read all inetOrgPerson

4. Finally, you will need to reconfigure your ADI sync service if you want to use your new AD service account with ADI.  

• To change the specified user:
• Browse to the \ADIsync folder and delete the file named: <domain>.dat
• Then, open an elevated CMD and browse to the \ADIsync folder, and then type: ADIsync.exe config