2016/03/19

Active Directory - How to grant an account permission to use Sync-ADObject?

During an onboarding process, I had to create some accounts on a remote site where the Exchange Role is installed. There, the account can be mail-enabled. We do this because the information will get replicated to Office365 faster and we will be able to proceed with other automated tasks.

Once the account was created, mail-enabled, synced to Office365, and added to a couple of DLs, I needed to sync the account back to my local Domain Controller.

This can be done using the Sync-ADObject cmdlet from the Active Directory module.

Of course, you will need to give an account explicit permission to perform this action; otherwise you will get the following message:

"Sync-ADObject : Insufficient access rights to perform the operation"

To grant the permission, launch the ADSIEdit tool and grant "Replication Synchronization" at the root of the domain to the account that will run Sync-ADObject.
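The same grant can be scripted instead of clicked through in ADSIEdit. The following is an added example, not code from the original post: it lists who already holds the right at the domain root, adds an allow entry for one account, and then runs the sync. The account, domain controller and user names are placeholders (assumptions), and the script must be run by someone allowed to modify the domain root ACL.

```powershell
# Added example; all names below are hypothetical placeholders.
Import-Module ActiveDirectory

$Account  = 'CONTOSO\svc-onboarding'      # account that will run Sync-ADObject
$SourceDC = 'dc-remote.contoso.example'   # DC on the remote (Exchange) site
$DestDC   = 'dc-local.contoso.example'    # local DC to replicate to
$User     = 'jdoe'                        # newly created user

# rightsGuid of the DS-Replication-Synchronize control access right,
# which ADSIEdit displays as "Replication synchronization".
$ReplSync = [guid]'1131f6ab-9c07-11d1-f79f-00c04fc2dcd2'

$domainDN = (Get-ADDomain).DistinguishedName
$path     = "AD:\$domainDN"
$acl      = Get-Acl -Path $path

# Check first: who already holds this right at the domain root?
$acl.Access |
    Where-Object { $_.ObjectType -eq $ReplSync } |
    Select-Object IdentityReference, AccessControlType, IsInherited

# Build an allow ACE scoped to this single extended right only,
# rather than adding the account to a broad admin group.
$sid = ([System.Security.Principal.NTAccount]$Account).Translate(
           [System.Security.Principal.SecurityIdentifier])
$ace = New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
    $sid,
    [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight,
    [System.Security.AccessControl.AccessControlType]::Allow,
    $ReplSync)

$acl.AddAccessRule($ace)
Set-Acl -Path $path -AclObject $acl

# Run as $Account once the ACE is in place: replicate one object
# from the remote DC to the local DC.
Get-ADUser -Identity $User -Server $SourceDC |
    Sync-ADObject -Source $SourceDC -Destination $DestDC
```

Re-running the `Where-Object` filter after `Set-Acl` shows the new entry, which is also a quick way to review which identities hold replication rights on the domain.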



Once the permission is granted, you'll see the following:


Thanks for reading! If you have any questions, leave a comment or send me an email at fxcat@lazywinadmin.com. I invite you to follow me on Twitter @lazywinadm / Google+ / LinkedIn. You can also follow the LazyWinAdmin Blog on Facebook Page and Google+ Page.
