A company has created a Moodle server for us and will manage it. They asked us to create a user that it would connect to LDAP with. They have demanded that this user be given a domain admin account as it has to write an ID number to the office field of an AD user's account.
We do not feel at all happy doing this!!
Using Active Directory delegation or ADSIEDIT we have tried giving this user read access to all user information and write access to the PhysicalDeliveryOffice field. Unfortunately this hasn't worked as we thought it would. The company still says this is not enough access.
Would anyone know the minimum required AD read/write access to let this user populate the office field?
Also, are there any major security implications of using a domain admin account?
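
The delegation described in the question, written out as an added example (not part of the original post and not the vendor's procedure): it grants the bind account read and write on the one attribute behind the Office field, whose LDAP name is `physicalDeliveryOfficeName`, for user objects under a single OU, then checks the result. The OU path, the account name `svc-moodle`, the test user and the test value are placeholders, and the script assumes the ActiveDirectory PowerShell module is available.

```powershell
# Added example. Placeholders (not from the post): OU DN, account name, test user.
Import-Module ActiveDirectory

$ouDn    = 'OU=Students,DC=example,DC=local'   # placeholder: OU holding the Moodle users
$svcName = 'svc-moodle'                        # placeholder: the LDAP bind account
$sid     = (Get-ADUser -Identity $svcName).SID

# An ACE scoped to one attribute needs the schemaIDGUID of the attribute and
# of the object class the ACE should apply to.
$schemaNc = (Get-ADRootDSE).schemaNamingContext
function Get-SchemaGuid([string]$LdapName) {
    $o = Get-ADObject -SearchBase $schemaNc -LDAPFilter "(lDAPDisplayName=$LdapName)" -Properties schemaIDGUID
    New-Object Guid (,$o.schemaIDGUID)
}
$officeGuid = Get-SchemaGuid 'physicalDeliveryOfficeName'   # the "Office" field
$userGuid   = Get-SchemaGuid 'user'

# Allow read + write of that single attribute, inherited by user objects below the OU only.
$rule = New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
    $sid,
    [System.DirectoryServices.ActiveDirectoryRights]'ReadProperty, WriteProperty',
    [System.Security.AccessControl.AccessControlType]::Allow,
    $officeGuid,
    [System.DirectoryServices.ActiveDirectorySecurityInheritance]::Descendents,
    $userGuid)

$acl = Get-Acl -Path "AD:\$ouDn"
$acl.AddAccessRule($rule)
Set-Acl -Path "AD:\$ouDn" -AclObject $acl

# Check 1: list the ACEs the account now holds on the OU.
(Get-Acl -Path "AD:\$ouDn").Access |
    Where-Object { $_.IdentityReference -like "*\$svcName" } |
    Format-Table ActiveDirectoryRights, ObjectType, InheritedObjectType, InheritanceType

# Check 2: perform the write as the bind account itself, against a test user.
$cred = Get-Credential   # enter the bind account's name and password when prompted
Set-ADUser -Identity 'test.student' -Office 'TEST-0001' -Credential $cred   # placeholder user and value
Get-ADUser -Identity 'test.student' -Properties physicalDeliveryOfficeName |
    Select-Object SamAccountName, physicalDeliveryOfficeName
```

Inherited ACEs do not reach user objects that have inheritance disabled, such as accounts protected by AdminSDHolder, so run the second check against an ordinary user in the OU.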