If you’ve ever tried to set up SharePoint 2007 to import user profiles via LDAP, you’ll like this post. Setting up the SSP to import profiles is a fairly simple task, but what is not that easy is applying the right LDAP user filter to import only the accounts that you want from Active Directory. I’d like to share with you my experience with applying user filters and some of the excellent user filter examples I have found.
Instructions for creating a new connection and applying an LDAP user filter to limit the profiles imported by your Shared Service Provider:
1. Log in to your SharePoint Central Administration site.
2. Select your Shared Service Provider and click on “User profiles and properties” under the “User Profiles and My Sites” column.
3. Click on the link, “Manage Connections”.
4. Click on “Create New Connection”.
5. Give the connection a meaningful name.
6. In the Directory service server name text box, enter the server name or IP address of your LDAP server.
7. Enter the LDAP user filter of your choice (see below for examples).
Now you are ready to import your LDAP users into the profile database. Go back a screen and start a full import. Once the import starts enumerating you should see user profiles being imported into SharePoint. When the import is complete, click “View Profiles” to see what profiles were imported.
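Before starting a full import, a filter can be dry-run against a handful of sample accounts to see which ones it would bring in. The following is an added example, not code from the original post: a small evaluator for the AND/OR/NOT, equality, wildcard and bitwise-AND forms of LDAP filter syntax. The filter strings in the test, the sample accounts and the function names (`parse`, `matches`, `preview`) are assumptions made for illustration.

```python
import re

BIT_AND = "1.2.840.113556.1.4.803"  # AD bitwise-AND matching rule OID

def parse(f, i=0):
    """Parse the parenthesised filter starting at f[i]; return (node, next_index)."""
    if f[i:i + 1] != "(":
        raise ValueError(f"expected '(' at position {i}")
    i += 1
    if f[i:i + 1] in ("&", "|", "!"):
        op, kids, i = f[i], [], i + 1
        while f[i:i + 1] == "(":
            node, i = parse(f, i)
            kids.append(node)
        if f[i:i + 1] != ")" or not kids or (op == "!" and len(kids) != 1):
            raise ValueError(f"malformed '{op}' group near position {i}")
        return (op, kids), i + 1
    end = f.index(")", i)  # raises ValueError if the closing bracket is missing
    m = re.fullmatch(r"([\w-]+)(?::([\d.]+):)?=(.*)", f[i:end])
    if not m:
        raise ValueError(f"bad comparison: {f[i:end]!r}")
    return ("cmp", *m.groups()), end + 1

def matches(node, entry):
    """Evaluate a parsed filter against one entry (dict: lowercase attr -> list of str)."""
    if node[0] in ("&", "|"):
        return (all if node[0] == "&" else any)(matches(k, entry) for k in node[1])
    if node[0] == "!":
        return not matches(node[1][0], entry)
    _, attr, rule, want = node
    values = entry.get(attr.lower(), [])
    if rule == BIT_AND:  # true when every bit set in `want` is set in the stored value
        return any(int(v) & int(want) == int(want) for v in values)
    if rule is not None:
        raise ValueError(f"unsupported matching rule {rule}")
    pattern = ".*".join(re.escape(p) for p in want.split("*"))  # '*' is the LDAP wildcard
    return any(re.fullmatch(pattern, v, re.I) for v in values)

ENTRIES = [  # constructed sample accounts, not real directory data; bit 2 = disabled
    {"samaccountname": ["alice"], "objectclass": ["user"], "mail": ["alice@example.test"], "useraccountcontrol": ["512"]},
    {"samaccountname": ["bob"], "objectclass": ["user"], "mail": ["bob@example.test"], "useraccountcontrol": ["514"]},
    {"samaccountname": ["svc_backup"], "objectclass": ["user"], "useraccountcontrol": ["66048"]},
]

def preview(filter_text, entries=ENTRIES):
    """Return the sAMAccountName of every sample entry the filter would import."""
    node, end = parse(filter_text)
    if end != len(filter_text):
        raise ValueError("trailing characters after filter")
    return [e["samaccountname"][0] for e in entries if matches(node, e)]
```

The evaluator treats a missing attribute as a plain non-match, so a negated test on an absent attribute matches here; confirm the final filter against the directory itself before relying on it.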
I’ve compiled a fairly good set of user filters below; feel free to submit a comment if you have others to add to the list.
Example LDAP User Filters
Default user filter:
Exclude accounts with no email address:
Exclude disabled accounts:
Exclude accounts with passwords set to expire:
Include only the accounts with valid email addresses
Include only the accounts that are part of the Branch1 organizational unit
Exclude accounts that don’t have a first name
LDAP Documentation – LDAP Attribute List