System Center Service Manager requires that its service account have read rights to the Deleted Objects container in Active Directory. This allows the SCSM<->AD connector to delete items out of SCSM as they are deleted from Active Directory. The problem is, by default not even domain administrators can see the container! There is a way to do it, though, and it is relatively easy.
- Log in with a domain administrator account
- Run an elevated command prompt (run as administrator)
- Run these two commands in your command prompt window:
- dsacls "CN=Deleted Objects,DC=dcps,DC=duval,DC=us" /takeownership
- dsacls "CN=Deleted Objects,DC=dcps,DC=duval,DC=us" /G DCPS\scsmsvc:LCRP
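
The same two steps can be run from an elevated PowerShell session with a read-back of the ACL afterwards, so you can confirm the service account received only the rights that were granted. This is an added example, not part of the original post; the function name `Grant-DeletedObjectsRead` and its parameters are hypothetical, and the defaults are the domain and account used above.

```powershell
# Added example: hypothetical wrapper around the two dsacls commands above.
function Grant-DeletedObjectsRead {
    param(
        [string]$Account  = 'DCPS\scsmsvc',            # service account from the post
        [string]$DomainDN = 'DC=dcps,DC=duval,DC=us'   # domain DN from the post
    )
    $dn = "CN=Deleted Objects,$DomainDN"

    # Refuse to continue unless the session is elevated.
    $me = [Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()
    if (-not $me.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        throw 'Run this from an elevated PowerShell session.'
    }

    # Step 1: take ownership of the container so its ACL can be edited.
    & dsacls.exe $dn /takeownership | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "takeownership failed on $dn" }

    # Step 2: grant only LC (List Contents) and RP (Read Property).
    & dsacls.exe $dn /G "${Account}:LCRP" | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "grant failed for $Account" }

    # Step 3: read the ACL back and return the lines that name the account,
    # plus the two lines after each match, for review.
    $acl  = & dsacls.exe $dn
    $hits = $acl | Select-String -SimpleMatch $Account -Context 0,2
    if (-not $hits) { throw "No ACE for $Account found on $dn" }
    $hits
}

Grant-DeletedObjectsRead
```

The entries printed at the end should show only the list-contents and read-property rights for the service account; anything broader means the ACL was changed by something other than these two commands.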