Forum Discussion

Noel Lawlor
Copper Contributor
Jul 03, 2018
Solved

Admin role for password sync

Hi,   I'm working with a customer who wants to do a password sync with azure ad. I'm wondering what is the best role to grant the customer. They shouldn't be able to change anything but should be a...
    Nestori Syynimaa
    Jul 05, 2018

    When you install and configure AAD Connect, it needs a credential with Global Admin rights. Using those rights, AAD Connect creates a user named Sync_[server]_[randomstring]@[yourtenant].onmicrosoft.com, which is used to perform the actual sync.


    The sync user has the "Directory Synchronization Accounts" role (rights). However, you cannot grant this particular role using the Office 365 admin center; you need to use PowerShell:

    Add-MsolRoleMember -RoleName "Directory Synchronization Accounts" -RoleMemberEmailAddress <UPN> 

    To see the accounts currently holding the role:

    Get-MsolRoleMember -RoleObjectId (Get-MsolRole -RoleName "Directory Synchronization Accounts").ObjectId

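    As an added example (not code from the original thread), the following PowerShell function builds on the same two cmdlets to audit who currently holds the role and flag any member whose UPN does not follow the Sync_[server]_[randomstring]@[tenant].onmicrosoft.com pattern that AAD Connect creates. The tenant domain value and the exact regex for that pattern are assumptions; it expects the MSOnline module and an existing Connect-MsolService session.

```powershell
# Added example, not from the original thread: audit membership of the
# "Directory Synchronization Accounts" role and flag members whose UPN does
# not look like the Sync_<server>_<randomstring>@<tenant>.onmicrosoft.com
# account that AAD Connect creates. Assumes the MSOnline module is installed
# and Connect-MsolService has already been run in this session.

function Get-DirSyncRoleAudit {
    param(
        # Tenant suffix expected on legitimate sync accounts (assumed value)
        [string]$TenantDomain = 'yourtenant.onmicrosoft.com'
    )

    # Same lookup as in the answer: resolve the role, then list its members
    $role    = Get-MsolRole -RoleName 'Directory Synchronization Accounts'
    $members = Get-MsolRoleMember -RoleObjectId $role.ObjectId

    # Assumed shape of the AAD Connect account: Sync_<server>_<randomstring>@<tenant>
    $expected = '^Sync_[^_@]+_[A-Za-z0-9]+@' + [regex]::Escape($TenantDomain) + '$'

    foreach ($m in $members) {
        [pscustomobject]@{
            DisplayName    = $m.DisplayName
            UserPrincipal  = $m.EmailAddress
            MemberType     = $m.RoleMemberType
            MatchesPattern = [bool]($m.EmailAddress -match $expected)
        }
    }
}

# Show the full membership, then warn about anything outside the expected pattern
$audit = Get-DirSyncRoleAudit -TenantDomain 'yourtenant.onmicrosoft.com'
$audit | Format-Table -AutoSize
$audit | Where-Object { -not $_.MatchesPattern } |
    ForEach-Object { Write-Warning "Unexpected member of sync role: $($_.UserPrincipal)" }
```

    Any account flagged here holds the same directory-write rights as the AAD Connect service account and should be verified against the list of known sync servers.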
