While I am working in one of the ADConnect deployment, we faced an issue in the export operation with error “Permission-Issue” for some users as appears in below snapshot: 

azure adconnect, Azure ADConnect Export Failed with Permission-issue Error (Insufficient access rights to perform this operation)

From the above console, when we clicked on one of the affected users to expand the error, we got below snapshot with an error “Insufficient access rights to perform this operation” as appears below:

azure adconnect, Azure ADConnect Export Failed with Permission-issue Error (Insufficient access rights to perform this operation)azure adconnect, Azure ADConnect Export Failed with Permission-issue Error (Insufficient access rights to perform this operation)

When we went to the AD users and computers, we noticed that all effected users have disabled inheritance permission as appear below (since the button enable inheritance appears this mean the inheritance is disabled):

azure adconnect, Azure ADConnect Export Failed with Permission-issue Error (Insufficient access rights to perform this operation)

Simply, enabling the inheritance to solve the issue and the ADConnect was able to export these identities.

 

Now, the important question is why to enable the inheritance!

The answer is very simple, Disable Inheritance means that the account no longer inherits permissions from a parent object (I.E. an OU), in most cases, this happens when the object was added to the privileged group such as domain admins group.

Get Started Today

For more information, call 877-788-1617 or email info@messageops.com

We hope you found this useful, if you need any support we are here to help. Please Make us your Microsoft partner today!