With Equitrac Office and Equitrac Express, what access permissions are required by the account which runs the EQCAS service to use Active Directory synchronization in System Manager to import users in to the Equitrac database? The account under which the EQCAS service runs requires sufficient access to search for objects using the following default search filter:
where NNN is an integer.
In addition, Active Directory synchronization searches for the attributes configured in the search plus the following:
sAMAccountName, isDeleted, displayName, mail, userAccountControl
The user account requires access to any attributes specified in the custom filter and any mapped attributes specified in System Manager.
Finally, the user account must be able to read the following attributes from rootDSE:
DnsHostName, dsServiceName, invocationID, highestCommittedUSN