The account under synchronized directories is a global admin and enterprise admin. It is my understanding that once the dir sync has been installed and running and sync is working it doesn't require these rights anymore. I just wanted to make sure before i remove microsoft.com\serviceaccount from domain enterprise admins group. Also, how do auto updates works for dirsync if i reduce the rights for this user to a regular domain user.
John
