SafeGuard Enterprise: Synchronization of Active Directory objects fails

Disclaimer: Please contact Sophos Professional Services if you require assistance with your specific environment.

Issue

Active Directory synchronization fails either completely or partly for some Active Directory objects.

Applies to the following Sophos products and versions:
 

• SafeGuard Management Center / Local Policy Editor

Cause

• The user logged on to the directory has insufficient read rights on some objects.

Resolution

The account used for the import and synchronization needs Read rights for the domain and all child objects. Assign rights as follows:
 

1. Open the Active Directory Users and Computers and go to Advanced Features.
   
   
    
2. Select Properties.
   
   
    
3. Add a user (or a group) and click the Allow checkbox to assign the Read permission.
   
   
    
4. Click Advanced and select the user (or group) and followed by Edit.
   
   
    
5. In Permission Entry for utimaco, from the Apply onto drop-down, select This object and all child objects.
   
   
   
   The result must look like this:
   
   

Sign up to the Sophos Support Notification Service to get the latest product release information and critical issues.