Set profile synchronization account rights in AD using PowerShell

This is just a short note on this topic. I could not find a script on the net. I’m not sure whether this is part of some SharePoint “config frameworks” like “AutoSPInstaller”. I do not use these frameworks. I create my own script sets. – Currently I create config scripts for my dev environment… The missing pieces here are related to User Profile Sync. Creating a sync connection *not* using Central Administration is not supported. There is no PowerShell, etc. – Another thing is to grant the sync account rights in the Active Directory… Here is my small script in Technet Gallery:

The script will not modify an existing entry for the profile sync user in the AD. If the user is in the ACL of the Domain object or the Configuration object it will skip this part!

As always: Use it at your own risk!!! 


Use it like this:



Tested with SharePoint 2013 and an Active Directory based on Windows Server 2012.
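
The skip-if-present behaviour described above, sketched as an added example that is not the author's Technet Gallery script. It assumes the right being granted is "Replicating Directory Changes" (the permission SharePoint 2013 profile synchronization requires; the post does not name it), the RSAT ActiveDirectory module, and a hypothetical account name `CONTOSO\sp_profilesync`.

```powershell
# Added example (not the original script). Account name below is a placeholder.
Import-Module ActiveDirectory

# Extended-right GUID of DS-Replication-Get-Changes ("Replicating Directory Changes")
$ReplChanges = [Guid]'1131f6aa-9c07-11d1-f79f-00c04fc2dcd2'

function Grant-ReplicatingDirectoryChanges {
    param(
        [Parameter(Mandatory)] [string] $Account,            # e.g. 'CONTOSO\sp_profilesync'
        [Parameter(Mandatory)] [string] $DistinguishedName   # naming context to modify
    )
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $sid  = (New-Object System.Security.Principal.NTAccount($Account)).Translate($sidType)
    $path = "AD:\$DistinguishedName"
    $acl  = Get-Acl -Path $path

    # Leave the object untouched if the account already has an explicit ACE on it
    $existing = $acl.GetAccessRules($true, $false, $sidType) |
        Where-Object { $_.IdentityReference -eq $sid }
    if ($existing) {
        Write-Host "Skipping ${DistinguishedName}: $Account is already in the ACL"
        return
    }

    # Allow only the single extended right, nothing broader
    $ace = New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
        $sid,
        [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight,
        [System.Security.AccessControl.AccessControlType]::Allow,
        $ReplChanges)
    $acl.AddAccessRule($ace)
    Set-Acl -Path $path -AclObject $acl
    Write-Host "Granted Replicating Directory Changes on $DistinguishedName to $Account"
}

# Domain object and Configuration object, as in the post
$root = Get-ADRootDSE
$syncAccount = 'CONTOSO\sp_profilesync'   # hypothetical
Grant-ReplicatingDirectoryChanges -Account $syncAccount -DistinguishedName $root.defaultNamingContext
Grant-ReplicatingDirectoryChanges -Account $syncAccount -DistinguishedName $root.configurationNamingContext
```

Only `DS-Replication-Get-Changes` is granted here; reviewing the resulting ACL with `Get-Acl` afterwards confirms that no other ACE was added for the account.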