Active Directory - How to grant an account to use Sync-ADObject ?

2016/03/19 | less than 1 minute read |

During an onboarding process, I had to create some accounts on a remote site where the Exchange Role is installed. There, the account can be mail-enabled. We do this because the information will get replicated to Office365 faster and we will be able to proceed with other automated tasks.

Once the account is created, mail-enabled, sync to Office365, added to a couple of DLs, I needed to sync back the account to my local Domain Controller.

This can be done using the Cmdlet Sync-ADobject from the Active Directory module.

Of course you will need to give explicit permission to an account to perform this action else you will get the following message:

Sync-ADObject : Insufficient access rights to perform the operation

To grant permission, you’ll need to launch the ADSIEdit tool and grant permission at the root of the domain for Replication Synchronisation

Once the permission granted, you’ll see the following

Leave a Comment