An account does not have to be a domain admin to hold the Replicate Directory Changes permission on a domain controller. We can grant it by delegation.
Why do we do this?
For example, say users want to update their own information from SharePoint. We can allow the information stored in the SharePoint database to replicate to Active Directory. Some configuration also needs to be done in SharePoint Administration.
How to Grant Replicate Directory Changes?
- On your domain controller, open Active Directory Users and Computers.
- Right-click the domain, for example netoverme.local, and select Delegate Control.
- Click Next on the Delegation of Control Wizard.
- On the Users or Groups page, click Add.
- Type the name of the synchronization account, for example sp_admin, and click Next.
- On Tasks to Delegate, select Create a custom task to delegate and click Next.
- On Active Directory Object Type, select This folder, existing objects in this folder, and creation of new objects in this folder, and click Next.
- On the Permissions page, select Replicating Directory Changes.
- Click Next and Finish.
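
To confirm the delegation above, the following PowerShell lists every principal that holds replication rights on the domain object and checks that the synchronization account is among them. It is an added example, not part of the original post; it assumes the ActiveDirectory module (RSAT) is installed, uses the walkthrough's netoverme.local and sp_admin as sample values, and also reports the similarly named Replicating Directory Changes All right so you can see that only the intended permission was granted.

```powershell
# Added example: audit replication rights on the domain root after delegation.
# Assumes the ActiveDirectory module (RSAT) and permission to read the ACL.
Import-Module ActiveDirectory

# Sample values taken from the walkthrough; change them for your environment.
$DomainDN = 'DC=netoverme,DC=local'
$SyncSam  = 'sp_admin'

# Control access right GUIDs as defined in the AD schema. The all-zero GUID
# on an extended-right ACE means "all extended rights" (e.g. full control).
$Rights = @{
    '1131f6aa-9c07-11d1-f79f-00c04fc2dcd2' = 'Replicating Directory Changes'
    '1131f6ad-9c07-11d1-f79f-00c04fc2dcd2' = 'Replicating Directory Changes All'
    '00000000-0000-0000-0000-000000000000' = 'All extended rights'
}
$ExtendedRight = [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight

# Read the ACL of the domain object through the AD: drive.
$acl = Get-Acl -Path "AD:\$DomainDN"

# Keep Allow ACEs that grant an extended right we care about.
$entries = $acl.Access | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    ($_.ActiveDirectoryRights -band $ExtendedRight) -and
    $Rights.ContainsKey($_.ObjectType.ToString())
} | Select-Object @{ n = 'Principal'; e = { $_.IdentityReference.Value } },
                  @{ n = 'Right';     e = { $Rights[$_.ObjectType.ToString()] } },
                  IsInherited

$entries | Sort-Object Right, Principal | Format-Table -AutoSize

# Check that the synchronization account received the delegated right.
$netbios  = (Get-ADDomain -Identity $DomainDN).NetBIOSName
$expected = "$netbios\$SyncSam"
$granted  = $entries | Where-Object {
    $_.Principal -eq $expected -and $_.Right -eq 'Replicating Directory Changes'
}

if ($granted) {
    Write-Output "$expected holds Replicating Directory Changes on $DomainDN."
} else {
    Write-Warning "$expected has no explicit Replicating Directory Changes ACE on $DomainDN."
}
```

Review the table for accounts you do not recognize. Rights granted through group membership appear under the group's name, not the member's.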