This knowledgebase article is designed to assist with the configuration of the Active Directory user account that iD uses to read from your Active Directory domain.  By performing these steps, user information will be synchronized back to Active Directory when users edit their MyHub profiles.


Before you Begin

This tutorial assumes:

  • You have access to a domain controller on your network.
  • You have already created a new user account in Active Directory for GreenOrbit.
  • "Advanced Features" are enabled in the Active Directory Users and Computers interface.
  • The account configured for use with LDAP in GreenOrbit and the end user account you are testing the MyHub Profile with are not Domain Administrative users.


The steps below are performed on a Windows Server 2012 R2 Domain Controller. Older versions of Windows Server may have slightly different interfaces.


Configuring an Active Directory User account to write to your Active Directory Domain

  1. Open "Active Directory Users and Computers" on your domain controller.




  2. Right click your domain in the left hand panel and select "Properties".




  3. Click the "Security" tab and click "Add" to search for the user account GreenOrbit uses to connect to Active Directory.








  4. Ensure the user account is selected in the user list and click "Advanced".




  5. In the Advanced Security Settings interface, make sure your user account is selected and click "Edit".




  6. Make sure "Applies to" is set to "Descendant User objects" and, under Permissions and Properties, add the "Write all properties" option to the already selected items.






  7. Click "OK" on all open windows to save the changes. The change is now complete. After some time MyHub will be able to write changes back into Active Directory.
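
To confirm what steps 1 to 7 actually granted, the following added example (not part of the original article and not GreenOrbit's own tooling) reads the ACL on the domain root and reports the write ACEs held by the account, then checks the "not a Domain Administrative user" assumption. It assumes the RSAT ActiveDirectory PowerShell module is installed; `svc-greenorbit` is a placeholder account name.

```powershell
# Added example (not vendor code): audit the delegation made in steps 1-7.
# Requires the RSAT ActiveDirectory module. 'svc-greenorbit' is a placeholder.
Import-Module ActiveDirectory

$SamAccountName = 'svc-greenorbit'   # placeholder: the account added in step 3
# schemaIDGUID of the "user" class, which "Descendant User objects" resolves to
$UserClassGuid  = [guid]'bf967aba-0de6-11d0-a285-00aa003049e2'
$WriteProperty  = [System.DirectoryServices.ActiveDirectoryRights]::WriteProperty

$domain  = Get-ADDomain
$account = Get-ADUser -Identity $SamAccountName

# DACL of the domain root (the object opened in step 2), with trustees as SIDs
$acl   = Get-Acl -Path "AD:\$($domain.DistinguishedName)"
$rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])

# Allow ACEs for the account that carry WriteProperty (GenericAll also matches)
$aces = @($rules | Where-Object {
    $_.IdentityReference.Value -eq $account.SID.Value -and
    $_.AccessControlType -eq 'Allow' -and
    $_.ActiveDirectoryRights.HasFlag($WriteProperty)
})

foreach ($ace in $aces) {
    [pscustomobject]@{
        Rights          = $ace.ActiveDirectoryRights
        # Empty ObjectType GUID means every property ("Write all properties")
        AllProperties   = ($ace.ObjectType -eq [guid]::Empty)
        # Expected from step 6: Descendents, limited to the user class
        Inheritance     = $ace.InheritanceType
        UserObjectsOnly = ($ace.InheritedObjectType -eq $UserClassGuid)
    }
}
if ($aces.Count -eq 0) {
    Write-Warning "No WriteProperty ACE for $SamAccountName on the domain root."
}

# The article assumes the account is not a domain administrator:
# Domain Admins always has the well-known RID 512.
$admins = Get-ADGroupMember -Identity "$($domain.DomainSID.Value)-512" -Recursive
if ($admins.SID.Value -contains $account.SID.Value) {
    Write-Warning "$SamAccountName is a member of Domain Admins."
}
```

A row with `Inheritance` of `Descendents` and `UserObjectsOnly` of `True` matches the setting from step 6; a row showing `GenericAll` or `UserObjectsOnly` of `False` means the account holds more than this article configures.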