PrepAway - Latest Free Exam Questions & Answers

Which Active Directory permission should you assign to the synchronization account?

You have a SharePoint Server 2013 server farm.
Active Directory attributes are imported to user profiles.
You need to ensure that if users change the mobile phone number in their SharePoint user profile, the
new information will be copied to their Active Directory user account.
Which Active Directory permission should you assign to the synchronization account?

PrepAway - Latest Free Exam Questions & Answers

A.
Read All Properties

B.
Manage Replication Topology

C.
Write All Properties

D.
Replicate Directory Changes

Explanation:
The synchronization account for a connection to Active Directory Domain Services (AD DS) must have
the following permissions:
It must have Replicate Directory Changes permission on the domain with which you’ll synchronize.
Note: The Replicate Directory Changes permission enables the synchronization account to read AD DS
objects and to discover AD DS objects that have been changed in the domain. The Grant Replicate
Directory Changes permission does not enable an account to create, modify or delete AD DS objects.

2 Comments on “Which Active Directory permission should you assign to the synchronization account?

  1. Alec says:

    If you’ll export property values from SharePoint Server to AD DS, the synchronization account must have Create Child Objects (this object and all descendants) and Write All Properties (this object and all descendants) permissions on the organizational unit (OU) with which you are synchronizing. For more information, see the “Grant Create Child Objects and Write permission” section of

    Reference:
    http://technet.microsoft.com/en-us/library/ff182925(v=office.15).aspx




    2



    0

Leave a Reply