Error while running Active Directory import in SharePoint 2016 for user profile synchronization
We are getting the error below while running Active Directory import in SharePoint 2016 for user profile synchronization.
Error="ActiveDirectory Import: DirSync import failed: ScanDirSyncChanges: Exception thrown by Dirsync request: page 0, LdapServer 'X.XXX.net', rootDn 'DC=XXX,DC=net', exception 'System.DirectoryServices.Protocols.DirectoryOperationException: The user has insufficient access rights. "
We are able to populate the domain controller.
From the error, it looks like your account doesn't have Replicating Directory Permissions on the domains which you are trying to sync.
Check this Harbar post, which shows the same error without Replicating permission: http://www.harbar.net/archive/2012/07/23/sp13adi.aspx
Follow this TechNet article to set the permission properly.
To grant Replicate Directory Changes permission on a domain:
- On the domain controller, click Start, click Administrative Tools, and then click Active Directory Users and Computers.
- In Active Directory Users and Computers, right-click the domain, and then click Delegate Control.
- On the first page of the Delegation of Control Wizard, click Next.
- On the Users or Groups page, click Add.
- Type the name of the synchronization account, and then click OK.
- Click Next.
- On the Tasks to Delegate page, select Create a custom task to delegate, and then click Next.
- On the Active Directory Object Type page, select This folder, existing objects in this folder, and creation of new objects in this folder, and then click Next.
- On the Permissions page, in the Permissions box, select Replicating Directory Changes (select Replicate Directory Changes on Windows Server 2003), and then click Next.
- Click Finish.
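
To confirm the delegation took effect, the ACL on the domain root can be read back and checked for the synchronization account. The PowerShell below is an added example, not part of the original thread or the TechNet article; it assumes the RSAT ActiveDirectory module is installed, and `CONTOSO\sp_sync` and the function name `Get-ReplicationRightHolder` are placeholders chosen for illustration.

```powershell
# Added example: read back who holds replication rights on the domain root.
# Assumptions: RSAT ActiveDirectory module; run on a machine joined to the synced domain.
Import-Module ActiveDirectory

function Get-ReplicationRightHolder {
    param([Parameter(Mandatory)][string]$DomainDn)   # e.g. the rootDn from the error text

    # Control access right GUIDs; the all-zero GUID means "every extended right".
    $rights = @{
        '1131f6aa-9c07-11d1-f79f-00c04fc2dcd2' = 'Replicating Directory Changes'
        '1131f6ad-9c07-11d1-f79f-00c04fc2dcd2' = 'Replicating Directory Changes All'
        '00000000-0000-0000-0000-000000000000' = 'All extended rights'
    }
    $extended = [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight

    (Get-Acl -Path "AD:\$DomainDn").Access |
        Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            (($_.ActiveDirectoryRights -band $extended) -eq $extended) -and
            $rights.ContainsKey($_.ObjectType.ToString())
        } |
        ForEach-Object {
            [pscustomobject]@{
                Principal = $_.IdentityReference.Value
                Right     = $rights[$_.ObjectType.ToString()]
                Inherited = $_.IsInherited
            }
        }
}

$syncAccount = 'CONTOSO\sp_sync'                      # placeholder, replace with your account
$domainDn    = (Get-ADDomain).DistinguishedName
$holders     = @(Get-ReplicationRightHolder -DomainDn $domainDn)
$holders | Sort-Object Right, Principal | Format-Table -AutoSize

# Only direct grants are matched; a grant made through a group shows the group name instead.
$mine = @($holders | Where-Object { $_.Principal -eq $syncAccount })
if ($mine.Right -contains 'Replicating Directory Changes') {
    Write-Output "$syncAccount holds Replicating Directory Changes on $domainDn"
} else {
    Write-Warning "$syncAccount has no direct grant of Replicating Directory Changes on $domainDn"
}
if ($mine.Right -contains 'Replicating Directory Changes All') {
    Write-Warning "$syncAccount also holds Replicating Directory Changes All, which the steps above do not call for"
}
```

The table also lists every other principal holding these rights on the domain, which is worth reviewing at the same time as the sync account.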