What permissions do users need to do an import of AD?
I'm trying to setup some Group Admins to be able to do an import of AD in their groups, but they can't see the necessary functions with their Group Admin permissions. And, like many functions for ePO, the docs are very limited, saying only "You must have appropriate permissions to perform this task.", but not saying what those permissions are.
I thought it would be under the "Systems" permission set, but I've given them all those permissions, but "Edit" in "Syncronization Type" still isn't showing.
I know they have high level AD permissions, but do you mean they will/might need other permissions in ePO? Any idea what those other permissions might be? I've given them "System Tree" access to their group (and subgroups), as well as all the "Systems" permissions there are...
Just got a reply from McAfee Tech Support on this: " As per case details provided, I understand that you have query about AD import by group admin on their group. Let me explain, if group admin has given full "server task permission" from the configuration then he will be able to perform AD import."
I find that strange, since the default "Group Admin" permission set only gives "view server tasks, view server task log" permissions, not the full "server task permission". Seems like that SHOULD be in the documentation.
more info: Even after making that change, the Group Admin still can't perform an AD import. I'm going back to McAfee to find out what's going on here.