Disclaimer: Please contact Sophos Professional Services if you require assistance with your specific environment.
Issue
Active Directory synchronization fails either completely or partly for some Active Directory objects.
Applies to the following Sophos products and versions:
- SafeGuard Management Center / Local Policy Editor
Cause
- The user logged on to the directory has insufficient read rights on some objects.
Resolution
The account used for the import and synchronization needs Read rights for the domain and all child objects. Assign rights as follows:
- Open the Active Directory Users and Computers and go to Advanced Features.
- Select Properties.
- Add a user (or a group) and click the Allow checkbox to assign the Read permission.
- Click Advanced and select the user (or group) and followed by Edit.
- In Permission Entry for utimaco, from the Apply onto drop-down, select This object and all child objects.
The result must look like this:
Sign up to the Sophos Support Notification Service to get the latest product release information and critical issues.
Fixed the images
[edited by: NOAH at 11:47 AM (GMT -7) on 26 Apr 2021]