By: Kharles Pico

Kharles Pico — Thu, 25 Sep 2008 05:20:00 +0000

This should do the trick:

(&(objectCategory=person)(objectClass=user)(!userAccountControl:1.2.840.113556.1.4.803:=2))

Might be worth checking in AD if the user is actually disabled.

However I noticed that the following:

(&(objectCategory=Person)(objectClass=User)(memberof:1.2.840.113556.1.4.1941:=(CN=Authenticated Users,OU=Branch1,DC=domain,DC=local)))
should include only the accounts that are part of the Branch1 organizational unit.

This is not the case the previous filter actually only filters out on users who are as it says member of that group. So even if someone is in the OU if they are not a member of this OU they will not be returned. Hope this helps.

I haven’t found a way to exclude or include users in an OU yet using LDAP filters. I’ve found that you can add a profile property, add a managed path and then filter out the People scope adding the rule to exclude users from the OU.

Hope that helps.

By: Bruce Rhodes

Bruce Rhodes — Thu, 11 Sep 2008 13:20:37 +0000

Has anyone had problems with trying to filter out disabled AD accounts? I can not get the WSS profile import to filter out disabled Ad accounts…I have tried for two months now and tried every solution that I can find on every form, blog and discussion board.

any help?

Comments on: SharePoint 2007 – LDAP User Filters for Limiting User Profile Import

By: Kharles Pico

By: Bruce Rhodes