Filter disable users from AD in sharepoint


How to 's:
  • Filter disable users from AD in sharepoint
  • Query to get disable users from active directory




Here i found an interesting article about how to prevent importing disable AD accounts from here
But sometimes you can make good use of LDAP filters toa void importing service accounts for instance, 
and other filters according to your needs:

Example LDAP User Filters



Default user filter:(&(objectCategory=Person)(objectClass=User))
Exclude accounts with no email address:(&(objectCategory=Person)(objectClass=User)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(mail=*))
Exclude disabled accounts:(&(objectCategory=person)(objectClass=user)(!userAccountControl:1.2.840.113556.1.4.803:=2))
Exclude accounts with passwords set to expire:(&(objectCategory=person)(objectClass=user)(!userAccountControl=65536))
Include only the accounts with valid email addresses(&(objectCategory=Person)(objectClass=User)(mail=*com)
Include only the accounts that are part of the Branch1 organizational unit(&(objectCategory=Person)(objectClass=User)(memberof:1.2.840.113556.1.4.1941:=(CN=Authenticated Users,OU=Branch1,DC=domain,DC=local)))
Exclude accounts that don’t have a first name (&(objectCategory=Person)(objectClass=User)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(!(!givenName=*)))



Useful links:

1. LDAP Filter syntax: http://msdn.microsoft.com/en-us/library/aa746475(VS.85).aspx

2. LDAP Query Basics: http://technet.microsoft.com/en-us/library/aa996205(EXCHG.65).aspx

3. LDAP ADModify tool (can be useful to test queries): http://modify.codeplex.com/

Thanks to tamtam.nl

No comments:

Post a Comment

Keep ur coding aside.. Relax for some time..