Active Directory - How to grant an account to use Sync-ADObject ?
During an onboarding process, I had to create some accounts on a remote site where the Exchange Role is installed. There, the account can be mail-enabled. We do this because the information will get replicated to Office365 faster and we will be able to proceed with other automated tasks.
Once the account is created, mail-enabled, sync to Office365, added to a couple of DLs, I needed to sync back the account to my local Domain Controller.
This can be done using the Cmdlet Sync-ADobject
from the Active Directory module.
Of course you will need to give explicit permission to an account to perform this action else you will get the following message:
Sync-ADObject : Insufficient access rights to perform the operation
To grant permission, you’ll need to launch the ADSIEdit tool and grant permission at the root of the domain for Replication Synchronisation
Once the permission granted, you’ll see the following
Leave a comment