Is there a way to grant a user the ability to synchronize LDAP without giving them full admin rights? This applies to both UCM and Unity Connection. When adding new users to the system we add them to Active Directory, and then create their phone & voice mailbox. After creating their AD account we synchronize LDAP in UCM and UC so the new accounts are visible to those systems. When I do it myself it's not a problem because I have full admin rights, but I'd like to delegate the permission to sync LDAP to our technical support staff who don't have full admin rights on the phone system. It's not realistic to expect them to wait for the next scheduled LDAP sync to occur.