Configuring Replicating Directory Changes

While provisioning the User Profile Service (UPS), we can synchronize user profile information using the User Profile Synchronization Service. Synchronization between AD and SharePoint should be done using a domain account, called the synchronization account, i.e. DOMAIN\SPFarmAccount. This synchronization account requires Replicate Directory Change permissions in the domain.

Below are the steps on how you do this.

1. Open Active Directory Users and Groups with local machine Administrator permissions.

2. Right click the domain and select Delegate Control.

3. Click Next on the Delegation Control Wizard welcome page.

4. On the Users or Groups page, add the domain\account of your SharePoint farm admin account and click Next.

5. On the Tasks to delegate page, select “Create a custom task to delegate” and click Next.

6. On the Active Directory Object Type page, keep the default options and click Next.

7. On the Permissions page, check the “Replicating Directory Changes” and click Next

8. Click Finish to complete the Delegation of Control Wizard.