
Step By Step Guide to configure the “Replicating directory changes” for SharePoint 2010 and 2013

16 Comments

This step-by-step guide, with screenshots, shows how to give the “Replicating Directory Changes” right to the SharePoint user profile account that will be used to synchronize the user profiles. The screenshots were taken in Windows Server 2012; however, the steps are identical or very similar in Windows Server 2008 and 2008 R2.

The Guide

In Active Directory Users and Computers, right-click the domain, and then click Delegate Control.

On the first page of the Delegation of Control Wizard, click Next.

On the Users or Groups page, click Add.

Type the name of the synchronization account, and then click OK.

Click Next.

On the Tasks to Delegate page, select Create a custom task to delegate, and then click Next.

On the Active Directory Object Type page, select This folder, existing objects in this folder, and creation of new objects in this folder, and then click Next.

On the Permissions page, in the Permissions box, select Replicating Directory Changes, and then click Next.

Click Finish.
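
To confirm what the wizard granted, the following added example (not part of the original guide) lists every account that holds a replication right on the domain root, using the ActiveDirectory PowerShell module. The account name `CONTOSO\sp_sync` is a placeholder for your synchronization account.

```powershell
# Added example: audit replication rights on the domain root.
# Requires the ActiveDirectory module (RSAT) and read access to the domain object.
Import-Module ActiveDirectory

# Placeholder (assumption): the synchronization account typed into the wizard.
$SyncAccount = 'CONTOSO\sp_sync'

# Well-known control access right GUIDs from the AD schema.
$ReplicationRights = @{
    '1131f6aa-9c07-11d1-f79f-00c04fc2dcd2' = 'Replicating Directory Changes'
    '1131f6ad-9c07-11d1-f79f-00c04fc2dcd2' = 'Replicating Directory Changes All'
}

function Get-ReplicationRightHolder {
    # Returns one row per Allow ACE on the domain root that grants one of the rights above.
    $domainDN = (Get-ADDomain).DistinguishedName
    $extended = [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight
    (Get-Acl -Path "AD:\$domainDN").Access |
        Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            ($_.ActiveDirectoryRights -band $extended) -and
            $ReplicationRights.ContainsKey($_.ObjectType.ToString())
        } |
        ForEach-Object {
            [pscustomobject]@{
                Account   = $_.IdentityReference.Value
                Right     = $ReplicationRights[$_.ObjectType.ToString()]
                Inherited = $_.IsInherited
            }
        }
}

$holders = Get-ReplicationRightHolder
$holders | Sort-Object Right, Account | Format-Table -AutoSize

# The wizard step above should leave exactly this one right for the sync account.
$mine = $holders | Where-Object { $_.Account -eq $SyncAccount }
if (-not ($mine | Where-Object { $_.Right -eq 'Replicating Directory Changes' })) {
    Write-Warning "$SyncAccount does not hold 'Replicating Directory Changes' on the domain root."
}
if ($mine | Where-Object { $_.Right -eq 'Replicating Directory Changes All' }) {
    Write-Warning "$SyncAccount also holds 'Replicating Directory Changes All', which this guide does not grant."
}
```

Accounts that have full control or all extended rights on the domain object are not listed, because their ACEs carry no specific right GUID.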

If you need to send the Guide to somebody, or download it for future reference, I also made it in PDF and you can download it here:  Step By Step Guide to configure Replicating Directory Changes
 

16 Comments

  • December 15, 2012 at 11:13 am
    Anonymous

    This comment has been removed by a blog administrator.

    Reply
  • November 2, 2013 at 9:15 pm
    Nagesh

    Hey, it’s nice to see such a blog. Thanks

    Reply
  • March 28, 2014 at 9:36 pm
    Majorbacon

    What about the other steps from http://technet.microsoft.com/en-us/library/hh296982%28v=office.15%29.aspx ??? Aren’t those going to be necessary too? Pre-2000 Group, the ADSI edits?

    Reply
  • May 6, 2014 at 1:21 am
    J-man

    I don’t have a “Tasks to Delegate” option, instead I have to choose an “Access Template” and I have no idea which template to select. Any help?

    Reply
    • May 12, 2014 at 9:54 pm

      That is strange! Can you post a screenshot?

      Reply
      • May 12, 2014 at 10:08 pm
        J-man

        I have the screenshot for you but I am unable to post it here. Is there another way I can show you?

  • July 3, 2014 at 3:13 am
    velox

    Do you know why I have no Replicating Directory Changes option in the Permissions box when I configure delegate control in Windows Server 2013?

    Reply
    • July 7, 2014 at 8:49 am

      You should have it in Windows Server 2012 and Windows Server 2012 R2. Can you show me screenshots?

      Reply
  • August 15, 2014 at 4:16 am
    mb

    Rather than assigning the delegate control to the whole of the site, could you do it to a User OU that contains all the current and future User accounts, if you are sure that there will not be another OU outside this that will contain user accounts?

    Reply
    • August 15, 2014 at 11:49 am

      Hello,

      Unfortunately the setting is at the Domain level, you can’t give it on a determined OU!

      Thanks,

      Reply
  • December 9, 2015 at 12:19 pm
    Donald E

    I have 50 farms enterprise wide.
    What’s your opinion of sharing the UPA content access identity between farms?
    Domain admin doesn’t want 50 ACLs at the root.

    Reply
    • December 11, 2015 at 7:53 am

      It should work, the only thing I would worry about is performance. Check out this PDF from MS for sharing it: go.microsoft.com/fwlink/p/?LinkId=313930

      Reply
      • December 11, 2015 at 9:53 am
        Donald E

        Awesome link! Thanks. Where is the performance concern? One account vs. 50 accounts? Seems the load would be the same regardless of the identity.

      • December 11, 2015 at 9:57 am
        Donald E

        The UPA content access account needs are for many disparate custom farms where the My Site host is not even in play. There is no assumption of any relation between any of the farms.

  • March 6, 2017 at 4:39 am
    Nizar O

    How do we reidentify the account that has been given that permission?

    Reply
