Directory Wizards Inc.

Solutions For Your Directory Needs

Configuring Active Dir or Exchange 200x (Login ID Permission Requirements)

Category:Active Directory

Last Updated:2011-08-02

Configuring Active Dir or Exchange 2000 / 2003 / 2007 / 2008

Please see UnitySync for Active Directory 101 for an introduction to how UnitySync works with AD and Exchange 200x.

Setting up a UnitySync Account

You will need to create an account that our programs will use to read and/or write to your directory. The only requirement for a UnitySync account is that it has Domain Admins rights (if you prefer not to grant that, see Using 'Special Permissions' below).

  1. Launch the user administration program:
    Start/Programs/Administrative Tools/Active Directory Users and Computers.
  2. Expand the tree until you find the Users container.
  3. Right-click the Users container and select New/User.
  4. Enter the appropriate account information.
  5. Press Next.
  6. You may use whatever password you like. We recommend checking "User cannot change password" and "Password never expires" to eliminate the need to maintain this account.
  7. Select Next, then Finish. You should now see the account you created in the Users container.
  8. To add your new user to the Domain Admins group, double-click the Domain Admins group in the Users container.
  9. Select Members, then Look In: Entire Directory. Select your new user account and press Add.

Logon ID Syntax:
Active Directory uses a 'Domain Component' structure for its logon IDs. When you set up Active Directory you assigned an internet domain name to it (e.g., dirwiz.com). Typically the logon accounts are located in a container called 'Users'. An example of a logon would be: UnitySync@delaware.dirwiz.com

Using 'Special Permissions'

By default, adding the UnitySync account to the Domain Admins group grants this account full control of all Organizational Units (OUs) within the directory. If you are in a Distributed Processing environment and wish to allow the account full control of only a single, specific container in your directory, do not add the UnitySync account to the Domain Admins group. Instead, apply 'Special Permissions' as outlined here:

  1. Manually create an OU in your destination AD directory. This will be the container you want SimpleSync to write to.
  2. Highlight your new OU and, from the View menu, enable Advanced Features. This makes the Security tab visible.
  3. Right-click the OU, select Properties, then click the Security tab.
  4. Add the SimpleSync account to the Access Control List and give it Full Control.
  5. Click the Advanced button. Select the SimpleSync login account, click View/Edit, then choose:

    Apply onto: This object and all child objects
  6. Click OK.

NOTE: When creating a connection to sync objects into a specific (preexisting) destination container, you must specify a Placement DN on the Destination tab of your SimpleSync connection, e.g. ou=SyncContainer,dc=domain,dc=com
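The account-creation steps and the OU-scoped 'Special Permissions' alternative above, as an added PowerShell example (this is not Directory Wizards' or UnitySync's own code). It assumes the RSAT ActiveDirectory module is installed, and the OU name SyncContainer and account name UnitySync are placeholders for your own values.

```powershell
# Added example, not part of the original article. Requires the RSAT ActiveDirectory module.
Import-Module ActiveDirectory

$domain     = Get-ADDomain
$domainDn   = $domain.DistinguishedName                # e.g. DC=delaware,DC=dirwiz,DC=com
$syncOu     = "OU=SyncContainer,$domainDn"             # placeholder: the Placement DN the connection writes to
$samAccount = "UnitySync"                              # placeholder account name
$upn        = "$samAccount@$($domain.DNSRoot)"         # logon in the UPN form the article shows

# Create the sync account in the Users container with the two password flags the
# article recommends. No mail attribute is set, so the account itself is not synced.
$password = Read-Host -AsSecureString -Prompt "Password for $samAccount"
New-ADUser -Name $samAccount -SamAccountName $samAccount -UserPrincipalName $upn `
    -Path "CN=Users,$domainDn" -AccountPassword $password -Enabled $true `
    -PasswordNeverExpires $true -CannotChangePassword $true

# Least-privilege path from the 'Special Permissions' section: instead of
# Add-ADGroupMember "Domain Admins", grant Full Control on the destination OU only,
# applied to "This object and all child objects" (InheritanceType All).
$sid  = (Get-ADUser -Identity $samAccount).SID
$rule = [System.DirectoryServices.ActiveDirectoryAccessRule]::new(
    $sid,
    [System.DirectoryServices.ActiveDirectoryRights]::GenericAll,
    [System.Security.AccessControl.AccessControlType]::Allow,
    [System.DirectoryServices.ActiveDirectorySecurityInheritance]::All)

$acl = Get-Acl -Path "AD:\$syncOu"
$acl.AddAccessRule($rule)
Set-Acl -Path "AD:\$syncOu" -AclObject $acl

# Read the ACL back and confirm the ACE exists with the intended scope.
$check = (Get-Acl -Path "AD:\$syncOu").Access |
    Where-Object { $_.IdentityReference -like "*\$samAccount" -and
                   $_.ActiveDirectoryRights -eq 'GenericAll' -and
                   $_.InheritanceType -eq 'All' }
if ($check) { "Full Control on $syncOu granted to $samAccount (this object and all child objects)." }
else        { Write-Error "Expected ACE for $samAccount not found on $syncOu" }
```

Because the account is not in Domain Admins, it can only write inside the OU named by the Placement DN; objects elsewhere in the directory remain untouched if the account is misused.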

NOTE: Omitting an email address for the UnitySync account helps avoid the account itself being synced.