Sophos Active Directory Sync - What rights are needed?

Hi bryangritton 

It should be working with read access but I'll update after discussion with the support team on this.

Hi bryangritton 

I have discussed this with my team and they have asked for the below permissions to have on the machine where AD sync utility is installed.

1. Change the log on user to an account that does.
2. On the system where ad sync is installed:
   1. Rights to logon as a service
   2. Rights to interactive logon
   3. Rights to log on as a batch
   4. NTFS full permissions on c:\programdata\sophos\sophos cloud ad sync
   5. The account would need rights to read OU on DC that you want to sync.

It advised that domain admin user is the recommended to avoid any mess.

Hi bryangritton 

I have discussed this with my team and they have asked for the below permissions to have on the machine where AD sync utility is installed.

1. Change the log on user to an account that does.
2. On the system where ad sync is installed:
   1. Rights to logon as a service
   2. Rights to interactive logon
   3. Rights to log on as a batch
   4. NTFS full permissions on c:\programdata\sophos\sophos cloud ad sync
   5. The account would need rights to read OU on DC that you want to sync.

It advised that domain admin user is the recommended to avoid any mess.

Hello Jasmin, thanks for the clarification.

On further review I think this might not have been a permissions issue at all.  I increased the amount of RAM on the virtual machine running the sync job from 4 GB to 8 GB.  Before the change I had triggered a Sophos AD Sync, which seemed to hang and never complete.  I did the same thing after the change, and the sync completed almost immediately.  

Thanks for your time.

Hi bryangritton 

You're welcome.

Please feel free to post any of your queries on the community!