Advice with LDAP OU filter

jasonbrough · ‎08-12-2016

Hello, I need help with LDAP integration, which is actually more of a question regarding LDAP filters rather than ServiceNow itself.

There are a number of OU's in AD which contain the accounts which they want to drag across. All the OU's are called 'User Accounts (Personal)'. The diagram shows 3 such OU's (there are around 150 in total).

The OOB filter is as follows:

(&(objectClass=person)(sn=*)(!(objectClass=computer))(!(userAccountControl:1.2.840.113556.1.4.803:=2)))

What I want to do is basically start at the root level (black above) and return only the user records that exist in the 'User Accounts (Personal)' OU's. I was thinking of adding the following condition to the OOB filter:

(ou=User Accounts (Personal)

Has anyone done anything like this before?

Thanks..

mazhar4 · ‎08-12-2016

Hi Jason,

You will have to modify the filter as per the structure of your AD:

(&(objectClass=person)(sn=*)(OU=Parent,OU=Child,DC=Parent,DC=Child)(!(objectClass=computer))(!(userAccountControl:1.2.840.113556.1.4.803:=2)))

Please mark as helpful or correct if this helped you.

Thanks,

Mazhar

jasonbrough · ‎08-12-2016

Thanks for the answer Mazhar. I think your solution may work for filtering 1 of the 'User Accounts (Personal)' OU's but I want to include all of the 'User Accounts (Personal)' OU's.

I think I need to use a wildcard or something

tom_pb · ‎08-12-2016

had exactly the same requirement, had to create multiple ldap servers within servicenow as filtering by ou doesn't seem to work properly (in general, not jsut servicenow)

edit: just noticed you have 150 to do. . . I only had three. . . . . :s

sLuintel · ‎11-01-2016

Hi I kind of have a similar issue... so our filter at present is (&(objectClass=person)(sn=*)(!(objectClass=computer))

What I want to do is exclude a sub OU from being imported in.

I tried the folllowing but that didnt work: (&(objectClass=person)(sn=*)(!(objectClass=computer))(!dn='OU=Generic Email Accounts))

Any advice?