
SEE 8.2.1 RS & AD Synchronization

Created: 19 Oct 2012
diabolicus23's picture

Could someone explain to me why the account used to read Active Directory must also have the permission to read the deleted objects container?

I'm talking about the instructions found in the installation guide:

"you will grant the ability of the designated domain user account to
read and list the children of all objects in Active Directory, including the deleted objects container.
Applying this permission is necessary to allow the proper functioning of the Active Directory
synchronization service."
Till now, I've only used a "normal" user that can browse the AD but I did not grant the permission with the command dacls.exe etc etc.
What kind of issue could I have in this scenario (without the permission to read deleted objects)?
Thanks in advance
PS SEE RS Edition 8.2.1