This has been asked many times :). Here’s a recent thread:

https://communities.cisco.com/thread/86178

You will find your answer here:

Active Directory Account Permissions Required for Performing Various Operations<https://www.cisco.com/c/en/us/td/docs/security/ise/2-3/admin_guide/b_ise_admin_guide_23/b_ise_admin_guide_23_chapter_01110.html#reference_F19556CAD5C949B58DF89334E2C6255D>

George