
SEE 8.2.1 RS & AD Synchronization

Created: 19 Oct 2012

Could someone explain to me why the account used to read Active Directory must also have the permission to read the deleted objects container?

I'm talking about the instructions found in the installation guide:

 

"you will grant the ability of the designated domain user account to read and list the children of all objects in Active Directory, including the deleted objects container. Applying this permission is necessary to allow the proper functioning of the Active Directory synchronization service."
 
Until now, I've only used a "normal" user that can browse the AD, but I did not grant the permission with the command dacls.exe, etc.
 
What kind of issue could I have in this scenario (without the permission to read deleted objects)?
 
Thanks in advance
 
PS: SEE RS Edition 8.2.1