For delta scans, the directory provider requires Replicating Directory Changes.
For instructions how to add this permission to the Panel Service account, or to your chosen explicitly assigned credentials, please visit: https://support.microsoft.com/en-us/help/303972/how-to-grant-the-replicating-directory-changes-permission-for-the-micr
Service Account Permissions Reference
Original Microsoft MIM Guidance (the original MIIS incarnation) from a legacy location on download.microsoft.com can still be found here: https://download.microsoft.com/download/3/0/0/30082d6f-69b7-446f-9b29-dbd460b94f8a/MIIS_Ports_Rights_and_Permissions.doc
The AD connectivity requirements for HyperSync Panel are essentially the same as those required by MIM, with the relevant section is as follows:
Management Agent for Active Directory
Minimum Permissions
| Operation | Minimum Permissions |
|---|---|
| Connect and discover objects in Active Directory |
Member of Domain Admins group. - or - Replicating Directory Changes permission for each domain of the forest that the management agent accesses. |
| Create, modify, or delete Active Directory objects and attributes |
For non-administrative accounts, additional permissions might need to be added as appropriate. For example:
|
For more information about setting the Replicating Directory Changes permission in Active Directory, see Microsoft Knowledge Base article 303972 (http://go.microsoft.com/fwlink/?LinkId=47854).
Communication Protocols and Ports
| Service | Protocol | Port |
|---|---|---|
| LDAP | TCP/UDP | 389 |
| Kerberos | TCP/UDP | 88 |
| DNS | TCP/UDP | 53 |
| Kerberos Change Password | UDP | 464 |
Comments
0 comments
Please sign in to leave a comment.