Which permission do I need

I asked before and didn’t get an answer. So I try again.

What kind of permission do a AD-user need to sync passwords? I just want to read from the Active Directory and because of security I don’t want a domain admin as the bind user.

Please help.