To update or modify accounts across multiple OUs in Active Directory, you need at a minimum Write permissions on the specific user objects within each target OU.


Article ID: 404462


Products

CA Identity Suite

Issue/Introduction

What is the minimum set of privileges that must be granted to allow Identity Manager to modify the accounts in a given OU?

Environment

Identity Manager v14.5

Resolution

To update or modify accounts across multiple OUs in Active Directory, you need, at a minimum, Write permissions on the specific user objects within each target OU.

This can be achieved by delegating write permissions to a group, then adding the connector server's technical user to that group. You would then assign the necessary permissions to that group on each OU where account modifications are required.

Please note that this is a general approach to managing permissions at the Active Directory level and has not been specifically tested in the support lab environment.

I highly recommend validating this approach in a test environment before implementing it in production.
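
The delegation described above can be scripted as follows. This is an added example, not Broadcom-provided or lab-tested code; it assumes the RSAT ActiveDirectory PowerShell module, and the group name, service account name, and OU distinguished names are hypothetical placeholders. It interprets "Write permissions" as WriteProperty on all attributes of user objects beneath each listed OU.

```powershell
# Added example: all names and DNs below are hypothetical placeholders.
Import-Module ActiveDirectory

$groupName   = 'IM-Connector-AccountWriters'          # hypothetical delegation group
$serviceUser = 'svc-imconnector'                      # hypothetical connector server technical user
$groupOu     = 'OU=Service Groups,DC=example,DC=com'  # hypothetical location for the group
$targetOus   = @(                                     # only the OUs where modifications are required
    'OU=Sales,DC=example,DC=com',
    'OU=Engineering,DC=example,DC=com'
)

# 1. Create the delegation group if it is missing, then add the technical user to it.
if (-not (Get-ADGroup -Filter "SamAccountName -eq '$groupName'")) {
    New-ADGroup -Name $groupName -SamAccountName $groupName `
        -GroupScope DomainLocal -GroupCategory Security -Path $groupOu
}
Add-ADGroupMember -Identity $groupName -Members $serviceUser

# 2. Build one ACE: Allow WriteProperty, inherited only by descendant user objects.
#    bf967aba-... is the schemaIDGUID of the "user" class, so the OU itself,
#    groups and other object types under it are not covered by this ACE.
$groupSid      = (Get-ADGroup -Identity $groupName).SID
$userClassGuid = [Guid]'bf967aba-0de6-11d0-a285-00aa003049e2'
$ace = [System.DirectoryServices.ActiveDirectoryAccessRule]::new(
    $groupSid,
    [System.DirectoryServices.ActiveDirectoryRights]::WriteProperty,
    [System.Security.AccessControl.AccessControlType]::Allow,
    [System.DirectoryServices.ActiveDirectorySecurityInheritance]::Descendents,
    $userClassGuid)

# 3. Apply the ACE to each target OU, then read the ACL back to confirm the result.
foreach ($ou in $targetOus) {
    $path = "AD:\$ou"
    $acl  = Get-Acl -Path $path
    $acl.AddAccessRule($ace)
    Set-Acl -Path $path -AclObject $acl

    (Get-Acl -Path $path).Access |
        Where-Object { $_.IdentityReference -like "*\$groupName" } |
        Select-Object @{ n = 'OU'; e = { $ou } }, IdentityReference,
            ActiveDirectoryRights, InheritanceType, InheritedObjectType
}
```

The read-back in step 3 should show one Allow entry per OU for the group, with `WriteProperty`, `Descendents`, and the user class GUID; any broader right listed there for the group was granted elsewhere and is worth reviewing.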

Additional Information

More information related to privileges required to connect to AD can be found in the Broadcom technical documentation: