Since it's initial creation, I've made a few updates to the Advanced AAD Connect permissions tool. The most recent updates:
- 2017-10-11 - delegating write permissions to the CN=adminSDHolder,CN=System container
- 2017-10-05 - delegating write permissions to the ms-DS-ConsistencyGuid property
These two updates should allow for a more complete AAD Connect permissions delegation experience. The script has been updated in the gallery (https://gallery.technet.microsoft.com/AD-Advanced-Permissions-49723f74).
Please be sure to leave any questions or feedback.
Thanks!