I am trying to use Active Directory as the policy store and want to restrict the permissions granted to the user that connects to the policy store.
Documentation states that the user needs:
"Privileges to create, read, modify, and delete objects in the LDAP tree underneath the policy store root object."
If I grant full control to the OU that hosts the policy store, of course, everything is initialized properly. However, when we restrict the permission, i.e. remove full control and grant create\delete permissions, I am getting this error while running xpsddinstall smmaster.xdd:
[3204/4348][Mon Dec 23 2019 13:30:40][SmObjProvider.cpp:188][ERROR][sm-Server-03090] Policy store failed operation 'Save' for object type 'Realm' . LDAP Error creating new Realm object
Has anyone done this by restricting permissions?