Replicating directory changes for SharePoint

The User Profile Service Application service account requires Replicate Directory Changes in Active Directory Domain Services on the domain node. The Grant Replicate Directory Changes permission does not enable an account to create, change or delete Active Directory Domain Services object. It enables the account to read Active Directory Domain Services objects and to discover Active Directory Domain Services objects that were changed in the domain.
Below steps should be followed to make this configuration.

  • Create Delegate Control

In Windows Server Domain Controller, open Active Directory Users and Computers, right-click the domain and then click Delegate Control.

Create Delegate Control

  • Delegation of Control Wizard

Click on Delegate Control and then click Next.

It helps you delegate control of Active Directory objects. You can grant users permission to manage users, groups, computers, organizational units, and other objects stored in Active Directory Domain Services.

Delegation of Control Wizard

  • Users or Groups

Click Add.

Here you can add one or more users or groups to whom you want to delegate control.

Users or Groups

  • Select Users, Computers, or Groups

Type the name of the UPS synchronization account, and then click OK.

Select Users, Computers, or Groups

  • Tasks to Delegate

Select Create a custom task to delegate, and then click Next.

Tasks to Delegate

  • Active Directory Object Type

Delegation of controls wizard:
This folder, existing objects in this folder, creation of new objects in this folder then
click Next.

Active Directory Object Type

  • Permissions

Select General and in the Permissions box, select Replicating Directory Changes and then click Next.

Select the permissions you want to delegate from here.

Permissions

  • Completing the Delegation of Control wizard

Click Finish.

Completing the Delegation of Control wizard

Above completes the steps to configure the Permissions of User Profile service account.

If you have any query or want more information on SharePoint 2016 Grant Replicate Directory Changes permission to User Profile service account, contact us today at +1-484-876-1867 or send us a message.

 

Related Posts

Leave a comment