Hello friends.
I have the following scenario
An organization that has:
1 Server 2012 R2 Active Directory
1 Server with Exchange 2013 Sp1
1 Server with FIM Server 2010 R2 Sp1
Second Organization
1 Exchange Server 2010
1 Server 2008 R2 Active Directory
I'm currently setting FIM Server 2010 to create a GAL between the two organizations.
the two organizations has two OU.
Forest1
Accounts (all users)
GalSync
Forest2
Accounts (all users)
GalSync
by organization policies should not create users with domain admins permissions on the forest 2.
- My question is, what permissions do I need on the forest 2 in order to export data from users OU "accounts (all users)" and it can be imported in the Forest 1 in the OU "GALSync"
- My goal is to Synchronise contacts forest without permisos Each domain administrator.
- I read that it is possible to delegate permissions full on the OU "Accounts (all users)", I wonder if there is any permission that achieves only export the data.
- on OU "GalSync" I understand that if I have full permissions so you can read \ write all contacts.
I welcome your comments.