Setting ‘Special Permissions’ on the AD LDS Sync Container2017-04-26 11:54:07
AD LDS ADAM UnitySync
In order for your UnitySync AD LDS User account to have appropriate permissions to manage objects in your AD LDS directory, you may make your UnitySync AD LDS user account a member of the ADMIN group (recommended).
You may apply ‘Special Permissions’ on the Sync container, granting the UnitySync AD LDS user account permissions to just that one container.
You must first complete the steps outlined for Creating your ADAM UnitySync User Account and Sync Container.
Refer to instructions on configuring your LDS user permissions in the related Microsoft Technet articles: https://technet.microsoft.com/en-us/library/hh831593.aspx
NOTE: Please keep in mind when configuring the AD LDS User permissions, the UnitySync user must have permission to create, modify, and delete child objects (including contacts and sub-ou’s) within the Sync Container.