
AD Sync Account Rights?

Does anyone know what rights are required for the account performing AD Sync?

In our 2003 domain, a regular domain user account works fine.

In a separate 2008 domain, only a domain admin account seems to work.

McAfee support tells me to use a domain admin account.

This seems ridiculous from a security standpoint!

Does anyone know if there's a specific right that a generic domain user account can be given to query LDAP for syncing w/ EPO?

3 Replies
McAfee Employee jstanley

Re: AD Sync Account Rights?

The ePO 4.X AD Sync does not write anything to the AD so you need full read permissions but not write/modify permissions. My guess would be that user accounts on a Windows 2008 AD do not have full read permissions.

Re: AD Sync Account Rights?

Oddly enough, using a USER account from the 2008 domain did not work, possibly because the trust is only 1 way.

However, using our standard EPO (domain user) account from the original 2003 domain works fine.

I suspect the caveat has to do with the one-way-trust, and that a regular user WOULD work if the EPO server was in the new 2008 domain.

Re: AD Sync Account Rights?

Since the trust between is only 1 way, we couldn't use a domain-user account in the new/2008 domain. Using a domain-user account in the original domain (the trustED domain) did work.
