This support statement is provided by the Product Management Team.
Minimum permissions needed for an Active Directory (AD) user to synchronize computers with ePO:
AD Synchronization requires a domain user account in the AD environment being synchronized, with access to the containers you want to synchronize. Although it might be possible to further restrict the rights of the user enumerating the AD environment, any further restrictions are for the customer to undertake.
The following fields are used during an AD Synchronization:
- Name
- Distinguished Name
- Description
- NetBIOS Name
- Object GUID
- Object Category
- Parent Container
- Container
Customers are free to harden the AD user account, but it is recommended that you verify that the needed information is synchronized.
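
One way to run that verification, as an added example (not part of the original statement or the product): compare an LDIF export taken with a privileged reference account against one taken while bound as the hardened synchronization account, and report the objects and fields the sync account cannot read. The LDAP attribute names (including `sAMAccountName` standing in for NetBIOS Name), the function names, and the sample exports are assumptions.

```python
import base64

# Assumed LDAP names for the page's fields (the page gives display names only);
# "Parent Container" and "Container" are read from the DN itself.
SYNC_ATTRS = ("name", "distinguishedname", "description", "objectguid",
              "objectcategory", "samaccountname")  # last one: assumed "NetBIOS Name"

def parse_ldif(text):
    """Return {dn: {attr: [values]}} with lowercased keys from LDIF text."""
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")  # undo line folding
    entries = {}
    for block in unfolded.split("\n\n"):
        dn, attrs = None, {}
        for line in block.splitlines():
            key, sep, raw = line.partition(":")
            if not sep or line.startswith("#"):
                continue
            # "attr:: <base64>" marks a binary or non-ASCII value
            value = (base64.b64decode(raw[1:].strip()) if raw.startswith(":")
                     else raw.strip().encode())
            if key.lower() == "dn":
                dn = value.decode().lower()
            else:
                attrs.setdefault(key.lower(), []).append(value)
        if dn:
            entries[dn] = attrs
    return entries

def sync_gaps(reference_ldif, sync_ldif, attrs=SYNC_ATTRS):
    """Report what the reference export has that the sync account's export lacks.
    AD omits unreadable objects and attributes silently, hence the comparison."""
    ref, seen = parse_ldif(reference_ldif), parse_ldif(sync_ldif)
    gaps = {}
    for dn, ref_attrs in ref.items():
        if dn not in seen:
            gaps[dn] = ["<object not visible>"]
        else:
            missing = [a for a in attrs if a in ref_attrs and a not in seen[dn]]
            if missing:
                gaps[dn] = missing
    return gaps

# Constructed sample exports (not real directory data).
CAT = "objectCategory: CN=Computer,CN=Schema,CN=Configuration,DC=example,DC=test\n"
REFERENCE = ("dn: CN=PC01,OU=Lab,DC=example,DC=test\nname: PC01\ndescription: Build host\n"
             "objectGUID:: AAECAwQFBgcICQoLDA0ODw==\n" + CAT +
             "\ndn: CN=PC02,OU=Lab,DC=example,DC=test\nname: PC02\n" + CAT)
SYNC_VIEW = "dn: CN=PC01,OU=Lab,DC=example,DC=test\nname: PC01\n" + CAT
if __name__ == "__main__":
    print(sync_gaps(REFERENCE, SYNC_VIEW))
```

An empty result means the hardened account still sees every listed field that the reference account sees; optional fields such as Description are only flagged where the reference export actually contains them.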