Active Directory Rights for Synchronization Account

You are viewing documentation for a version of Secret Server that is no longer supported. Delinea supports Secret Server for one year after release. This version has passed that window and will no longer receive updates. We strongly recommend upgrading to a supported version. Visit the current version of this page for the latest documentation.
For release dates, end-of-support timelines, and upgrade guidance, see the Secret Server Product Lifecycle page.

Below is a listing of the Active Directory permissions required by the account used for synchronization. See Configuring Active Directory for more on selecting this account.

Recommended Permissions

Object Tab

This object and all descendant objects:

  • List contents
  • Read all properties

Minimum Required Permissions

All of these permissions are set as Allow entries using ADSI Edit (Active Directory Service Interfaces Editor).

Object Tab

This object and all descendant objects:

  • List contents

Properties Tab

This object and all descendant objects:

  • Read objectClass

Descendant User objects:

  • Read Display Name
  • Read Distinguished Name
  • Read E-mail-Address
  • Read objectGUID
  • Read Logon Name
  • Read Logon Name (pre-Windows 2000)

Descendant Group objects:

  • Read displayName
  • Read Distinguished Name
  • Read Group name (pre-Windows 2000)
  • Read groupAttributes
  • Read memberOf
  • Read Members
  • Read objectGUID
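An added example, not part of the Delinea documentation, that audits what the synchronization account has actually been granted on the search base and flags any right beyond the read-only set listed above (List contents, Read properties). It assumes the ActiveDirectory module is installed; the account name and OU distinguished name are placeholders.

```powershell
# Added example: verify a Secret Server AD synchronization account holds only
# read-only rights on the OU it synchronizes from. Not Delinea's own code.
Import-Module ActiveDirectory

$SyncAccount = 'CORP\svc-secretserver-sync'    # placeholder: your sync account
$SearchBase  = 'OU=Users,DC=corp,DC=example'    # placeholder: your search base DN

# Rights the pages above call for: List contents and Read properties.
# Add ReadControl here if your baseline also grants "Read permissions".
$AllowedRights = [int][System.DirectoryServices.ActiveDirectoryRights]'ListChildren, ReadProperty'

# Map schemaIDGUID -> lDAPDisplayName so attribute- and class-scoped ACEs
# (e.g. "Read objectClass", "Descendant User objects") print by name.
$schemaNC = (Get-ADRootDSE).schemaNamingContext
$guidMap  = @{}
Get-ADObject -SearchBase $schemaNC -LDAPFilter '(schemaIDGUID=*)' `
             -Properties lDAPDisplayName, schemaIDGUID |
    ForEach-Object { $guidMap[[guid]$_.schemaIDGUID] = $_.lDAPDisplayName }

function Resolve-SchemaGuid([guid]$Guid, [string]$Default) {
    if ($Guid -eq [guid]::Empty)      { return $Default }
    if ($guidMap.ContainsKey($Guid))  { return $guidMap[$Guid] }
    return $Guid.ToString()
}

$acl = Get-Acl -Path "AD:\$SearchBase"
foreach ($ace in ($acl.Access | Where-Object { $_.IdentityReference.Value -eq $SyncAccount })) {
    $attr  = Resolve-SchemaGuid $ace.ObjectType          '<all properties>'
    $scope = Resolve-SchemaGuid $ace.InheritedObjectType 'all descendant objects'

    # Any bit outside $AllowedRights means the account holds more than it needs.
    $excess = [int]$ace.ActiveDirectoryRights -band (-bnot $AllowedRights)
    $status = if ($ace.AccessControlType -ne 'Allow') { 'DENY' }
              elseif ($excess) { "EXCESS: $([System.DirectoryServices.ActiveDirectoryRights]$excess)" }
              else { 'ok' }

    '{0,-30} {1,-28} {2,-24} {3,-22} {4}' -f $status, $ace.ActiveDirectoryRights,
        $attr, $scope, $ace.InheritanceType
}
```

Rows marked EXCESS (for example WriteProperty, GenericAll or ExtendedRight) indicate the account was delegated more than the minimum this page describes and should be trimmed back in ADSI Edit.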