How to sync SEE and AD in 2008 with a non-domain admin account.

Article ID: 153097

Products

Endpoint Encryption

Issue/Introduction

How can a 2008 AD DS server be configured to allow SEE synchronization using a non-domain admin account?

Resolution

Perform the following from the 2008 Domain server:

  1. Create a domain user for SEE AD synchronization.
  2. Open a command prompt and enter the following commands:

       dsacls.exe "CN=Deleted Objects,dc=your-org,dc=com" /takeownership
       dsacls.exe "CN=Deleted Objects,dc=your-org,dc=com" /G "your-org\adsyncuser":LCRP

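The first command takes ownership of the Deleted Objects container so that its permissions can be changed. The second grants the synchronization account only the List Contents (LC) and Read Property (RP) rights on that container.

Be sure to replace the dc=your-org,dc=com entry with the distinguished name of your own domain, and replace the your-org and adsyncuser entries with the domain name and user name of your own Active Directory synchronization account.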
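To confirm the result of the commands above, the ACL can be displayed by running dsacls.exe with only the object's distinguished name and then checked so that the synchronization account holds List Contents and Read Property and nothing more. The following PowerShell check is an added example, not part of the original article; the helper name Get-SyncAccountRights is hypothetical, and the sample ACL text is constructed and assumes the layout dsacls prints (an "Allow" header line followed by indented rights).

```powershell
# Added example; Get-SyncAccountRights is a hypothetical helper name.
function Get-SyncAccountRights {
    param(
        [string[]]$Lines,   # text printed by: dsacls.exe "CN=Deleted Objects,<domain DN>"
        [string]$Account    # synchronization account, e.g. 'your-org\adsyncuser'
    )
    # Header line of an Allow entry for exactly this account.
    $header  = '^Allow\s+' + [regex]::Escape($Account) + '\s+(\S.*?)\s*$'
    $rights  = @()
    $inEntry = $false
    foreach ($line in $Lines) {
        if ($line -match $header) {
            $inEntry = $true
            # Rights are either named on the header line or listed below "SPECIAL ACCESS".
            if ($Matches[1] -ne 'SPECIAL ACCESS') { $rights += $Matches[1] }
        }
        elseif ($inEntry -and $line -match '^\s+(\S.*?)\s*$') {
            $rights += $Matches[1]          # indented continuation line = one right
        }
        elseif ($line -match '\S') {
            $inEntry = $false               # any other non-blank line ends the entry
        }
    }
    $rights
}

# Constructed sample output (assumed layout); replace with the live command output:
#   $acl = & dsacls.exe "CN=Deleted Objects,dc=your-org,dc=com"
$acl = @'
Access list:
Allow BUILTIN\Administrators          SPECIAL ACCESS
                                      LIST CONTENTS
                                      READ PROPERTY
Allow NT AUTHORITY\SYSTEM             FULL CONTROL
Allow your-org\adsyncuser             SPECIAL ACCESS
                                      LIST CONTENTS
                                      READ PROPERTY
'@ -split "`r?`n"

$expected = @('LIST CONTENTS', 'READ PROPERTY')   # the two rights behind LCRP
$found    = @(Get-SyncAccountRights -Lines $acl -Account 'your-org\adsyncuser' | Sort-Object -Unique)
$missing  = @($expected | Where-Object { $found -notcontains $_ })
$extra    = @($found | Where-Object { $expected -notcontains $_ })

if ($missing.Count -eq 0 -and $extra.Count -eq 0) {
    'OK: the account holds only LIST CONTENTS and READ PROPERTY on Deleted Objects'
} else {
    "Review the ACL. Missing: $($missing -join ', ')  Unexpected: $($extra -join ', ')"
}
```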

Having modified the Active Directory synchronization account, you can now proceed to the Management Server installation, and enter this account in the Directory Service Synchronization page of the Management Server InstallShield Wizard.