Granting the report service account permissions

For your convenience, below are reminders for how to grant the two sets of required permissions for the report service account.

Granting the permission to replicate directory changes in ADUC

To grant the permission to replicate directory changes at the domain level (read only):

  1. Open Active Directory Users and Computers.
  2. From the View menu, select Advanced Features.
  3. Right-click the domain object and select Properties.
  4. Click the Security tab.
  5. Select the desired user account (add the account if it’s not listed there already).

  6. In the Permissions area, next to Replicating Directory Changes, click Allow.

  7. Click OK to save your changes.

    For more information about setting this permission, see https://support.microsoft.com/en-us/kb/303972.

Granting the permission to replicate directory changes in ADSI

In addition to granting the replicate directory changes permission in Active Directory Users and Computers (ADUC), you also need to grant the same permission in the ADSI Edit (Active Directory Services Interfaces Editor) console.

To grant the permission to replicate directory changes in ADSI (read only):

  1. Open the ADSI Edit console.
  2. From the Action menu, select Connect to.

    3. The Connection Settings dialog box opens.

  3. For the Connection Point, go to the "Select a well known Naming Context" drop-down menu and select Schema.

  4. Click OK to close the dialog box.

    5. The schema for the current domain displays in the ADSI Edit console.

  5. Expand the schema listing so that you can see the first node of the schema, and right-click that node and select Properties.

    6. The Attribute Editor dialog box opens.

  6. Click the Security tab.
  7. Select the desired user account (add the account if it’s not listed there already).

  8. In the Permissions area, next to Replicating Directory Changes, click Allow.

  9. Click OK to save your changes.

Granting the permission to log on as a service

To grant the log on as a service permission:

  1. In the Group Policy Management Editor, apply the following policy to your desired user or group of users:

    Local Computer Policy > Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights Assignment > Log on as a Service.

For more details about granting the log on as a service policy, see https://technet.microsoft.com/en-us/library/dn221981(v=ws.11).aspx.