Once you have done a specific task a couple of times, you start to wonder how it can be made easier and faster. This happened to me when I was setting up the required permissions for a service account for AADSync in Active Directory. With AADSync, you have a couple of optional features that you can enable during the installation wizard. Most of those features requires specific permissions for the account used to connect to the on-premise Active Directory. The features that require specific permissions are the following:


You'll find the documentation for this script on my blog.