Skip to main content
Kofax

Access Permissions Required for the Account Running the EQCAS Service to Run Active Directory Synchronization

With Equitrac Office and Equitrac Express, what access permissions are required by the account which runs the EQCAS service to use Active Directory synchronization in System Manager to import users in to the Equitrac database? The account under which the EQCAS service runs requires sufficient access to search for objects using the following default search filter:

            (&(objectClass=user)(objectCategory=person)(uSNChanged>=NNN))

                        where NNN is an integer.

In addition, Active Directory synchronization searches for the attributes configured in the search plus the following:

            sAMAccountName, isDeleted, displayName, mail, userAccountControl

The user account requires access to any attributes specified in the custom filter and any mapped attributes specified in System Manager.

Finally, the user account must be able to read the following attributes from rootDSE:

            DnsHostName, dsServiceName, invocationID, highestCommittedUSN