You have a SharePoint Server 2013 server farm.
Active Directory attributes are imported to user profiles.
You need to ensure that if users change the mobile phone number in their SharePoint user profile,
the new information will be copied to their Active Directory user account.
Which Active Directory permission should you assign to the synchronization account?
A.
Read All Properties
B.
Manage Replication Topology
C.
Write All Properties
D.
Replicate Directory Changes
Explanation:
The synchronization account for a connection to Active Directory Domain Services (AD DS) must
have the following permissions:
It must have Replicate Directory Changes permission on the domain with which you’ll synchronize.
Note: The Replicate Directory Changes permission enables the synchronization account to read AD
DS objects and to discover AD DS objects that have been changed in the domain. The Grant Replicate
Directory Changes permission does not enable an account to create, modify or delete AD DS objects.
Replicate Directory Changes only lets you read from AD. It doesn’t let you persist changes in SP back to AD.
I think the correct answer is C
Link?
Answer “C. Write All Properties”
“If you’ll export property values from SharePoint Server to AD DS, the synchronization account must have Create Child Objects (this object and all descendants) and Write All Properties (this object and all descendants) permissions on the organizational unit (OU) with which you are synchronizing. For more information, see the “Grant Create Child Objects and Write permission” section of Grant Active Directory Domain Services permissions for profile synchronization in SharePoint Server 2013.”
https://technet.microsoft.com/en-us/library/ff182925.aspx
Agreed – the answer is C, I recall doing this in production in SharePoint 2010 installs