Hi,
I'm provisioning users from FIM 2010 R2 in a 2008 domain to AD and Exchange. The issue I have is setting the exact permissions for my fim AD management agent account (fimservice)
I've set replicating directory changes on the domain, as well as create\delete user objects on my target OUs. This didn't work, so I tried the following:
Right click on domain, security, gave fimservice full control
Did the same on sub OUs to target OU
Added fimservice to local admins and fimsync admins on server
Added fimservcie to Exchange Organization Management group
Tried my sync again and I still get an 8344 permissions error!!
So far, the only thing that has worked is if I set my fim AD management account to a domain admin
Can someone please specify exactly which permissions are needed to provision to AD and Exchange?
Thanks
