I have been scouring the Internet trying to determine the difference between the "Replicating Directory Changes", "Replicating Directory Changes All", and "Replication Directory Changes in Filtered Set" permissions within Active Directory. I have had multiple applications, SharePoint being the most current, that request this permission, but I'm not sure what this actually allowing the application (SharePoint) to do regarding Active Directory. I'm especially worried about the Replicating Directory Changes All permission since this article (http://msdn.microsoft.com/en-us/library/windows/desktop/ms684355(v=vs.85).aspx) states that it allows "Control access right that allows the replication of secret domain data."
Has anyone found definitive information on what permissions I am granting by setting this?