I found out that the account being used in the ADSync connector is actually a regular user account instead of a service account. This was set up by my predecessor, and I'm uncertain about the original configuration. Can I re-run the setup to create a new user for ADSync? Or should I just create a new account myself? Also, what permissions does this account need to function properly?
1 Answer
It's not uncommon for the wizard to show a user account instead of a service account. The key is that it should have the right permissions, specifically Hybrid Identity Administrator permissions. You can check out the official Microsoft documentation for details on what permissions are needed.
But isn't it a problem if it's a person's name that's being used instead of a dedicated service account? That seems risky.