LDAP Binder user causes DAS issues when normal domain user
I have come across an issue where incorrect capabilities for the LDAP Binder user may cause DAS sync issues.
The LDAP Binder user needs to have "read access to all users objects". This usually means they must be a member of Domain Admins in AD. If they are not, then new users will be added to the IAP, but deletions from AD will not be propagated to the IAP.
In this case we need to check if the binder user for the LDAP connection has sufficient rights.
Check in Active Directory, look up the Binder user, open the Properties and select the "Member Of" tab, and correct it to the right membership. This should help.
Re: LDAP Binder user causes DAS issues when normal domain user
Hi, it's possible to connect to AD using ldp.exe (see http://technet.microsoft.com/en-us/library/cc794810(WS.10).aspx) and use the same bind user as in the LDAP connection setting for a DAS job.
This way you can verify if the bind user is able to connect and see the AD objects.
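
A scripted version of the check described in this thread, as an added example that is not part of the original posts: it binds with the binder account, counts the user objects that account can read, and lists its group membership. The server name, base DN and account name are placeholders to replace with your own values.

```powershell
# Added example. All values below are placeholders (assumptions), not from the thread.
$Server   = 'dc01.example.com'          # placeholder domain controller
$BaseDN   = 'DC=example,DC=com'         # placeholder search base
$BindUser = 'EXAMPLE\svc-ldap-binder'   # placeholder binder account
$Cred     = Get-Credential -UserName $BindUser -Message 'Binder account password'

Add-Type -AssemblyName System.DirectoryServices

# Bind with the same credentials the LDAP connection of the DAS job uses.
$entry = New-Object System.DirectoryServices.DirectoryEntry(
    "LDAP://$Server/$BaseDN",
    $Cred.UserName,
    $Cred.GetNetworkCredential().Password)

try {
    # Reading NativeObject forces the bind; bad credentials throw here.
    $null = $entry.NativeObject
    Write-Host "Bind OK as $BindUser"
} catch {
    Write-Error "Bind failed: $($_.Exception.Message)"
    return
}

# Count the user objects this account is allowed to read.
$searcher = New-Object System.DirectoryServices.DirectorySearcher($entry)
$searcher.Filter   = '(&(objectCategory=person)(objectClass=user))'
$searcher.PageSize = 500                # page so large directories are fully counted
[void]$searcher.PropertiesToLoad.Add('sAMAccountName')
$results = $searcher.FindAll()
Write-Host "User objects visible to binder: $($results.Count)"
$results.Dispose()

# List the binder's own group membership (the "Member Of" tab).
# Note: the memberOf attribute does not include the primary group.
$sam = $BindUser.Split('\')[-1]
$searcher.Filter = "(sAMAccountName=$sam)"
$searcher.PropertiesToLoad.Clear()
[void]$searcher.PropertiesToLoad.Add('memberOf')
$me = $searcher.FindOne()
if ($me) {
    $me.Properties['memberof'] | Sort-Object
} else {
    Write-Warning "Binder cannot read its own account object: $sam"
}
```

Run the same user count from an account known to have full read access; a lower number for the binder means some user objects are hidden from it.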