|
| Re: ILM FP1 permissions during GAL sync |
 |
Wed, 30 Jan 2008 22:03:54 +010 |
Simon Geary wrote:
> So finally my question! Can I use ILM in the above scenario, to get a
> copy of the GAL from a child domain in which I have no admin rights,
> even though I do have admin rights in a different child domain in the
> same forest and can therefore read the relevant AD attributes?
>
Reason for these might be that ILM uses DirSynch for directory search
which enables it to work using deltas. For dirsynch to work it requires
an account to have one right which is "Replicate directory changes"
over
given NC.
I'm not sure if this will also prevent reading objects in full import
mode - will have to check it in a lab.
--
Tomasz Onyszko
http://www.w2k.pl/ - (PL)
|
| Post Reply
|
| Re: ILM FP1 permissions during GAL sync |
 |
Thu, 28 Feb 2008 14:03:24 -040 |
Thanks for the reply, you were correct I had to give the Replicate Directory
Changes permission in AD to get it to work, but thankfully did not require
domain admin rights.
"Tomasz Onyszko" <t.onyszko_spam_@w2k.pl> wrote in message
news:47A0E63A.5000104@w2k.pl...
> Simon Geary wrote:
>> So finally my question! Can I use ILM in the above scenario, to get a
>> copy of the GAL from a child domain in which I have no admin rights,
even
>> though I do have admin rights in a different child domain in the same
>> forest and can therefore read the relevant AD attributes?
>>
>
> Reason for these might be that ILM uses DirSynch for directory search
> which enables it to work using deltas. For dirsynch to work it requires an
> account to have one right which is "Replicate directory changes"
over
> given NC.
>
> I'm not sure if this will also prevent reading objects in full import
> mode - will have to check it in a lab.
> --
> Tomasz Onyszko
> http://www.w2k.pl/ - (PL)
> http://blogs.dirteam.com/blogs/tomek/ - (EN)
|
| Post Reply
|
|
|
|
|
|
|
|
|
|