Does AD Connect sync account needs to have global admin in office 365?

Kak Tak 11 Reputation points
2020-10-27T07:04:59.4+00:00

Hi all,

As title says Does AD Connect sync account needs to have global admin in office 365? I took over tenant from previous admin and I notice that account that is used in azure ad connect has global admin role assigned. Problem with this is that many on support has access to documentation and passwords and if someone should try to use this account he could get global admin access. Can I remove ad connect sync account (the account you use when changing settings in ad connect)from global admin?

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,666 questions

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Leon Laude 85,666 Reputation points
    2020-10-27T07:29:35.86+00:00

    HI @Kak Tak ,

    You'll find the permission required by the AD Connect accounts listed over here:

    Azure AD Connect: Accounts and permissions
    https://learn.microsoft.com/en-us/azure/active-directory/hybrid/reference-connect-accounts-permissions

    ----------

    (If the reply was helpful please don't forget to upvote or accept as answer, thank you)

    Best regards,
    Leon

    0 comments
  2. AmanpreetSingh-MSFT 56,311 Reputation points
    2020-10-27T07:49:05.337+00:00

    Hi @Kak Tak · If you question is about below account, the answer is NO. This account doesn't need to have Global Admin rights.

    35325-image.png

    -----------------------------------------------------------------------------------------------------------

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    0 comments