Due to security reasons, the AD support guys are not ready to provide any ADC
nor any user ID with Domain Administrator rights to sync only AD users
to IDM via RL. They can provide a user ID with "Domain User" privilege
in AD only.

I also discussed certificate deployment in the DC for SSL-based
access, but the AD team did not agree to that either, because their AD is
heavily loaded with so many ADCs and desktops.

I installed a Windows server and joined that server to the AD domain.
I then installed and ran RL as local Administrator on that server. I
used an AD user ID (with "Domain User" privilege) as the authentication ID for
the AD driver, then ran the driver. But the driver failed to migrate and sync
users from AD.

I know that as per the documentation we need an administrative user for the AD driver with
RL. But here we don't want to sync passwords and want to sync only users
to IDM. Is it possible to perform the same on a member server with minimal
AD user rights?

Please advise which minimum level of access is required to sync AD user
changes to IDM, i.e. not passwords, only user information? And is it
possible to do the same on a member server with local Administrative
rights for RL?



deb_sarkar's Profile: https://forums.netiq.com/member.php?userid=7951
View this thread: https://forums.netiq.com/showthread.php?t=51717