While I am working in one of the ADConnect deployment, we faced an issue in the export operation with error “Permission-Issue” for some users as appears in below snapshot: 

azure adconnect

From the above console, when we clicked on one of the affected users to expand the error, we got below snapshot with an error “Insufficient access rights to perform this operation” as appears below:

azure adconnect

When we went to the AD users and computers, we noticed that all effected users have disabled inheritance permission as appear below (since the button enable inheritance appears this mean the inheritance is disabled):

azure adconnect

Simply, enabling the inheritance to solve the issue and the ADConnect was able to export these identities.

For more information visit our Azure services page.

Now, the important question is why to enable the inheritance!

The answer is very simple, Disable Inheritance means that the account no longer inherits permissions from a parent object (I.E. an OU), in most cases, this happens when the object was added to the privileged group such as domain admins group.

Get Started Today

For more information, call 877-788-1617 or email [email protected]

We hope you found this useful, if you need any support we are here to help. Please Make us your Microsoft partner today!

Was this article helpful?