Permissions for managing mobile device objects in Active Directory

If you want to manage your mobile device objects in Active Directory, you need to delegate the necessary permissions to the Centrify Connector:

At least read permission to the container that has the Privileged Access Service user accounts.

A broader set of permissions on the container that has the registered device objects.

When you designate the registered device object container or organizational unit in the Device Registration Settings, you need to set the read permission and the permissions for the Active Directory user account for the container or organizations unit that stores the registered device objects. Repeat the second procedure for every container or organizational unit you use to store the registered device objects.