Creating an ADI Service Account in Active Directory
To set up Active Directory Integration (ADI), use either a Domain Admin account or a new AD user that has the following permissions for the ADI Sync setup:
- Read all user information
- Read all inetOrgPerson information
The steps below show how to create an AD user with the necessary read permissions:
1. Open Active Directory. Right-click on your domain and select Delegate Control.
2. In the Delegation of Control Wizard, add your ADI service account (created previously).
3. Delegate the following tasks:
   - Read all user information
   - Read all inetOrgPerson information
4. Finally, reconfigure your ADI sync service if you want to use the new AD service account with ADI. To change the specified user:
   - Browse to the \ADIsync folder and delete the file named: <domain>.dat
   - Then open an elevated CMD, browse to the \ADIsync folder, and type: ADIsync.exe config
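
To confirm the delegation came out read-only and that the service account is not also a Domain Admin, the check below can be run after the wizard completes. It is an added example, not part of the vendor's instructions; it assumes the RSAT ActiveDirectory PowerShell module is installed and uses `svc-adi` as a placeholder account name.

```powershell
# Added example: audit the ADI service account after running the wizard.
# Assumptions: ActiveDirectory module available; 'svc-adi' is a placeholder name.
Import-Module ActiveDirectory

$SamAccountName = 'svc-adi'                  # placeholder: your ADI service account
$domain  = Get-ADDomain
$account = Get-ADUser -Identity $SamAccountName

# schemaIDGUIDs of the two object classes named in the delegated tasks
$classes = @{
    'bf967aba-0de6-11d0-a285-00aa003049e2' = 'user'
    '4828cc14-1437-45bc-9b07-ad6f015e5f28' = 'inetOrgPerson'
}

# Any of these rights on an ACE means the account can do more than read
$writeMask = [System.DirectoryServices.ActiveDirectoryRights]`
    'WriteProperty, WriteDacl, WriteOwner, CreateChild, DeleteChild, Delete, DeleteTree, Self, ExtendedRight'

# ACEs on the domain root whose trustee is the service account (compared by SID)
$sidType = [System.Security.Principal.SecurityIdentifier]
$acl     = Get-Acl -Path "AD:\$($domain.DistinguishedName)"
$aces    = $acl.GetAccessRules($true, $true, $sidType) |
    Where-Object { $_.IdentityReference.Value -eq $account.SID.Value }

if (-not $aces) { Write-Warning "No ACEs for $SamAccountName on the domain root." }

$aces | ForEach-Object {
    $class = $classes[$_.InheritedObjectType.ToString()]
    [pscustomobject]@{
        AppliesTo = if ($class) { $class } else { $_.InheritedObjectType }
        Rights    = $_.ActiveDirectoryRights
        Type      = $_.AccessControlType
        ReadOnly  = (([int]$_.ActiveDirectoryRights -band [int]$writeMask) -eq 0)
    }
} | Format-Table -AutoSize

# Direct membership in Domain Admins (well-known RID 512) defeats the point
# of a delegated read-only account.
$domainAdminsSid = "$($domain.DomainSID.Value)-512"
$isDomainAdmin = [bool](Get-ADPrincipalGroupMembership -Identity $account |
    Where-Object { $_.SID.Value -eq $domainAdminsSid })
"Direct member of Domain Admins: $isDomainAdmin"
```

A correctly delegated account should list only rows with `ReadOnly` set to `True` that apply to `user` and `inetOrgPerson`; the group check covers direct membership only, not nested groups.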