Grant Permissions for SharePoint User Profile Service Accounts – Replicate Directory Changes

If you have Installed SharePoint Server with Active Directory Authentication, one of the greatest benefit is that you will get a central place for all your objects management such as Users/Addresses/Records etc.. In SharePoint it’s cool feature that you can simply synchronize all AD Users in to SharePoint and manage them centrally from AD but can be also synchronized those changes in to SharePoint User Profile application where everything kept up to date. For this you have to get the User profile Service application created. This post I’m writing because it is not only to create the service application but you have to delegate some level of permission to User Profile Service application Account (Identity) in order to replicate all the changes from AD. SharePoint will have the service application but If you have not done this delegation, service application won’t be able to replicate objects/changes from AD.

So let’s start this and make our UPS guy functional. For the whole thing you will need to deal with AD only as nothing to be done from SharePoint if you have already created service application and created service connection to you AD.

    1. Launch the Active Directory Users and Computers. Right click on your domain and Click "Delegate Control"


    1. It will open up below windows and simply hit Next to proceed.


    1. Add Relevant Service Accounts


    1. Choose "Create Custom Task to Delegate" at below window


    1. Choose "This Folder, Existing objects in this folder, and creation of new objects in this folder" (option 1) in below window.


    1. Under General Category Select "Replicate Directory Changes" and hit Next


    1. Click "Finish" to complete


    1. Now launch the ADSI in edit mode by typing "adsiedit.msc" at "Run" as shown below


    1. It will open up below Interface and from there expand the Configuration and right click on Configuration container and go to properties as shown


    1. Direct to Security Tab from there and add the service accounts with Replicate Directory Changes Permission Level


    1. Click Ok to close the window and close the ADSI to complete.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s