So you are importing user profiles.
But then there comes the moment when you find out, you don’t want everything imported.
Just a subset, or maybe even just 2 out of 3 containers.
I have been there. A customer of mine had his Active Directory in very disordened way. But… a lot of software was configured to use this structure.
So rearanging was not an option.
But i had the idea, that the import was a LDAP-query, so any LDAP query should work. And i started out building LDAP queries that would give me the set of information needed. But i was unpleasantly surprised to see that none of them seem to work.
The only two attribtes i got the work where :
- Disabled accounts
LDAP option: (!userAccountControl:1.2.840.113556.1.4.803:=2) - Account with non-expiring passwords
LDAP option:(!userAccountControl=65536)
Adding these would at least generate a more decent result.
Example: (&(objectCategory=Person)(objectClass=User)(!userAccountControl:1.2.840.113556.1.4.803:=2))
But i will continue my search for more options.
Eric