While I am working in one of the ADConnect deployment, we faced an issue in the export operation with error “Permission-Issue” for some users as appears in below snapshot:
From the above console, when we clicked on one of the affected users to expand the error, we got below snapshot with an error “Insufficient access rights to perform this operation” as appears below:
When we went to the AD users and computers, we noticed that all effected users have disabled inheritance permission as appear below (since the button enable inheritance appears this mean the inheritance is disabled):
Simply, enabling the inheritance to solve the issue and the ADConnect was able to export these identities.
For more information visit our Azure services page.
Now, the important question is why to enable the inheritance!
The answer is very simple, Disable Inheritance means that the account no longer inherits permissions from a parent object (I.E. an OU), in most cases, this happens when the object was added to the privileged group such as domain admins group.
Get Started Today
For more information, call 877-788-1617 or email [email protected]
We hope you found this useful, if you need any support we are here to help. Please Make us your Microsoft partner today!
Get our updates straight to your inbox!
Sign up for our email updates to make sure you don't miss any of our new content.