I'm having a problem in my production environment with the User Profile Synchronization Service, which is stuck on starting. I'm not able to reach the AD but the hosting company is. I think they might have set the "replicating directory changes" on the wrong domain.
In my dev environment everything works well, but is there a way to remove the "replicating directory" permission on a user? I just want to check on my dev environment if I get the same result (that I cannot get the User Profile Synchronization Service to start without having replicated directory changes on the right domain). I have the user already with "replicated.. " so I just want to remove that.
I've tried to delete the user and add it again, without any luck. The permission seems to be there even if I've deleted the user.
```powershell
# Account that receives the permission
$Identity = "SP_ProfileSync"
# Read the domain and configuration naming contexts from RootDSE
$RootDSE = [ADSI]"LDAP://RootDSE"
$DefaultNamingContext = $RootDSE.defaultNamingContext
$ConfigurationNamingContext = $RootDSE.configurationNamingContext
$UserPrincipal = New-Object Security.Principal.NTAccount("$Identity")
# Grant (/G) the "Replicating Directory Changes" control access right (CA) on both contexts
DSACLS "$DefaultNamingContext" /G "$($UserPrincipal):CA;Replicating Directory Changes"
DSACLS "$ConfigurationNamingContext" /G "$($UserPrincipal):CA;Replicating Directory Changes"
```
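One way to check for and remove the grant made by the DSACLS lines in the question, as an added example that is not part of the original post. The function name and the `-Commit` switch are hypothetical; the GUID is the rightsGuid of the Replicating Directory Changes (DS-Replication-Get-Changes) extended right, and the caller is assumed to be allowed to modify the DACL on both naming contexts.

```powershell
# rightsGuid of DS-Replication-Get-Changes ("Replicating Directory Changes")
$ReplChangesGuid = [Guid]"1131f6aa-9c07-11d1-f79f-00c04fc2dcd2"

function Remove-ReplicatingDirectoryChanges {      # hypothetical helper name
    param(
        [Parameter(Mandatory=$true)][string]$Identity,
        [switch]$Commit                            # without it, report only
    )
    # ACEs store SIDs, not names, so resolve the account first
    $Sid = (New-Object Security.Principal.NTAccount($Identity)).Translate(
        [Security.Principal.SecurityIdentifier])

    $RootDSE = [ADSI]"LDAP://RootDSE"
    $Contexts = "$($RootDSE.defaultNamingContext)", "$($RootDSE.configurationNamingContext)"
    foreach ($Context in $Contexts) {
        $Entry = [ADSI]"LDAP://$Context"
        # Read and write the DACL only, not owner, group or SACL
        $Entry.psbase.Options.SecurityMasks = [DirectoryServices.SecurityMasks]::Dacl
        $Acl = $Entry.psbase.ObjectSecurity

        # Explicit ACEs only: this is what DSACLS /G wrote on the context root
        $Aces = @($Acl.GetAccessRules($true, $false, [Security.Principal.SecurityIdentifier]) |
            Where-Object {
                $_.IdentityReference.Value -eq $Sid.Value -and
                $_.ObjectType -eq $ReplChangesGuid -and
                ($_.ActiveDirectoryRights -band [DirectoryServices.ActiveDirectoryRights]::ExtendedRight)
            })

        foreach ($Ace in $Aces) {
            "{0}: {1} ACE for {2} ({3})" -f $Context, $Ace.AccessControlType, $Identity, $Sid.Value
            if ($Commit) { $Acl.RemoveAccessRuleSpecific($Ace) }
        }
        # Write the modified DACL back only when something was removed
        if ($Commit -and $Aces.Count -gt 0) { $Entry.psbase.CommitChanges() }
    }
}

Remove-ReplicatingDirectoryChanges -Identity "SP_ProfileSync"            # report only
# Remove-ReplicatingDirectoryChanges -Identity "SP_ProfileSync" -Commit  # remove the ACEs
```

Running the report-only call again after a `-Commit` run should print nothing if the explicit ACEs are gone from both contexts.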