WebSpy is a Fastvue Product


Import Only User Accounts From LDAP

Last Updated: Jul 16, 2018 09:49AM PDT

Many accounts in Active Directory are not user accounts. They belong to systems and services.

The number of users that WebSpy Vantage can import into its Organization tab is limited to the number of users in your license. You may, therefore, need to exclude system and service accounts from being imported.

Some quick queries are provided to limit the number of users imported, such as 'All enabled users with an email address'. However, you may need to customize the LDAP query further to limit the number of accounts imported.

Below are some useful queries and ideas you may like to try.

The LDAP query is specified when running the Import Organization from LDAP wizard, either directly on the Organization tab, or via the 'Import Organization from LDAP' task action on the Tasks tab.

Import Organization Wizard - LDAP Query

Exclude Accounts with non-expiring Passwords

If all system accounts have non-expiring passwords, you can use this query to exclude all accounts that have a non-expiring password.

(&(objectClass=person)(objectCategory=user)(!(userAccountControl:1.2.840.113556.1.4.803:=65536)))

Exclude Accounts that belong to a System Accounts group

If all system accounts belong to a single group name, you can use the query below to import all users that are not a member of the system_accounts group.

(&(objectCategory=person)(objectClass=user)(!(memberOf=cn=system_accounts,ou=system,dc=Domain,dc=com)))

Exclude Accounts with a certain naming convention

If all system accounts start with the name ‘sys’, you can use the following query to exclude them:

(&(objectClass=person)(objectCategory=user)(!(cn=sys*)))

Only users with both a first and last name

If system accounts typically only have the first name specified, you can exclude them by importing users with both a first and last name with this query:

(&(objectCategory=person)(objectClass=user)(givenName=*)(sn=*))

All users with Logon Script: field occupied

If only users have logon scripts specified, you can import only these user accounts with this query:

(&(objectCategory=person)(objectClass=user)(scriptPath=*))

All members of a specified group, including nested groups

If you have a security group for 'true' user/people accounts, you can import them using this query:
 
(memberOf:1.2.840.113556.1.4.1941:=cn=Test,ou=East,dc=Domain,dc=com)

Note: Some of these examples have been simplified and use sample AD group or attribute names. You will need to customize these queries for your AD structure, and may need to combine some of the above queries to exclude all system accounts.
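
One way to combine the exclusions above into a single query and check its structure before pasting it into the wizard. This is an added example, not WebSpy code: the function names are hypothetical, the group DN and 'sys' prefix are the article's sample values, and the check covers parenthesis structure only, not attribute names.

```python
# Added example: compose an AD LDAP filter from the article's exclusion clauses
# and verify its structure. Function names are hypothetical, not part of WebSpy.

def escape_value(value):
    """Escape RFC 4515 special characters in an assertion value."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def build_user_filter(exclude_group_dn=None, exclude_cn_prefix=None,
                      exclude_non_expiring=False):
    """AND the base user clauses with one (!(...)) clause per exclusion."""
    clauses = ["(objectCategory=person)", "(objectClass=user)"]
    if exclude_non_expiring:
        # Bitwise-AND matching rule against the non-expiring password bit (65536)
        clauses.append("(!(userAccountControl:1.2.840.113556.1.4.803:=65536))")
    if exclude_group_dn:
        clauses.append("(!(memberOf=%s))" % escape_value(exclude_group_dn))
    if exclude_cn_prefix:
        # The trailing * is the wildcard, so it is appended after escaping
        clauses.append("(!(cn=%s*))" % escape_value(exclude_cn_prefix))
    return "(&" + "".join(clauses) + ")"

def _parse(s, i):
    """Consume one parenthesised filter at s[i]; return the index just after it."""
    if i >= len(s) or s[i] != "(":
        raise ValueError("expected '(' at position %d" % i)
    i += 1
    if i < len(s) and s[i] in "&|":
        i += 1
        while i < len(s) and s[i] == "(":
            i = _parse(s, i)
    elif i < len(s) and s[i] == "!":
        i = _parse(s, i + 1)          # NOT takes exactly one parenthesised filter
    else:
        j = s.find(")", i)            # simple item: attr=value up to the next ')'
        if j == -1 or "=" not in s[i:j] or "(" in s[i:j]:
            raise ValueError("malformed item at position %d" % i)
        i = j
    if i >= len(s) or s[i] != ")":
        raise ValueError("expected ')' at position %d" % i)
    return i + 1

def is_well_formed(ldap_filter):
    """True if the whole string is exactly one structurally valid filter."""
    try:
        return _parse(ldap_filter, 0) == len(ldap_filter)
    except ValueError:
        return False
```

A filter in which `!` is not wrapped in its own parentheses, or whose parentheses do not balance, makes is_well_formed return False.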

For more examples, see the 'Examples' section of this article: https://social.technet.microsoft.com/wiki/contents/articles/5392.active-directory-ldap-syntax-filters.aspx

As always, if you need additional assistance, please get in touch!



 
