Endpoint Protection

 View Only
Back to discussions
Expand all | Collapse all

How powerful a logonid do you need to synchronize with Active Directory?

  • 1.  How powerful a logonid do you need to synchronize with Active Directory?

    Posted Oct 14, 2009 06:08 PM
    On the SEP Manager that we are installing now, we could like a set of client groups to by synchronized with our Active Directory domain.  To configure this synchronization, I will need to supply a user name and password, and we will have to create a service account for this purpose.

    For obvious reasons, we would like to create an account that has the permissions needed to synchronize successfully, and no other permissions.  Can somebody tell me what this set of permissions would be?  Does the synchronization need to write or change anything on the AD server? 

    I've run the synchronization successfully with a domain administrator username, but I'd like to avoid doing that in production, if possible.


  • 2.  RE: How powerful a logonid do you need to synchronize with Active Directory?
    Best Answer

    Posted Oct 14, 2009 06:26 PM
    The Synchronization will not make any chnage to your AD server.

    And I did not get the first question .

    Title: 'Organizational Units from Active Directory in Symantec Endpoint Protection 11.0'
    Document ID: 2007092721431648
    > Web URL: http://service1.symantec.com/support/ent-security.nsf/docid/2007092721431648?Open&seg=ent