Endpoint Encryption

SEE 8.2.1 RS & AD Synchronization

    Posted Oct 19, 2012 08:44 AM

    Could someone explain to me why the account used to read Active Directory must also have permission to read the deleted objects container?

    I'm talking about the instructions found in the installation guide:

     

    "you will grant the ability of the designated domain user account to
    read and list the children of all objects in Active Directory, including the deleted objects container.
    Applying this permission is necessary to allow the proper functioning of the Active Directory
    synchronization service."
     
    Till now, I've only used a "normal" user that can browse the AD but I did not grant the permission with the command dacls.exe etc etc.
     
    What kind of issue could I have in this scenario (without the permission to read deleted objects)?
     
    Thanks in advance
     
    PS SEE RS Edition 8.2.1