Join the #BuildWithBuildAgent Challenge! Get recognized, earn exclusive swag, and inspire the ServiceNow Community with what you can build using Build Agent.  Join the Challenge.

Exclude sub OUs in LDAP

Pintu2
Tera Expert

‎07-23-2019 06:19 PM

How to exclude a sub-OU in importing an OU into ServiceNow?

I have an OU ABC with few sub-OUs and I don't want one of the sub-OUs in ServiceNow.How to exclude the users from one the sub-OU and if not how could I not update/insert these users in ServiceNow?

Appreciate your response.

 

Thank you.

Labels:
0 Helpfuls
  • 2,110 Views
8 REPLIES 8

Allen Andreas
Tera Patron

‎07-23-2019 06:40 PM

Hi,

You can set your RDN in your LDAP OU Definition to the specific OU that you want to pull-in and to avoid any specific OUs within...in the filter you can do something like:

(!(ou=ServiceAccounts))

So this would filter out the ou that is called ServiceAccounts.

See: https://docs.servicenow.com/integrate/ldap/task/t_DefineLDAPOrganizationalUnits.html for full filter example that you'd want to start with and then add mine in...where you see the (!( piece.

Please mark reply as Helpful/Correct. Thanks!


Please consider marking my reply as Helpful and/or Accept Solution, if applicable. Thanks!
0 Helpfuls

Pintu2
Tera Expert
In response to Allen Andreas

‎07-24-2019 02:14 PM

I tried giving the same filter as mentioned but it didn't work for me. Please see below and can you suggest any other alternate way to do this

 

(&(objectClass=person)(sn=*)(!(objectClass=computer))(!(ou=ServiceAccounts)) (!(userAccountControl:1.2.840.113556.1.4.803:=2)))

 

The same way I tried giving the filter as per my OU definitions but it didn't work

0 Helpfuls

Allen Andreas
Tera Patron
In response to Pintu2

‎07-24-2019 02:32 PM

Hi,

Did you replace ServiceAccounts with the actual name of the OU? Can you just try:

(&(objectClass=person)(sn=*)(!(objectClass=computer))(!(ou=ServiceAccounts)))

You should be able to click Browse after saving here to then try and see if the user/OU still shows up or not:

find_real_file.png

So this way you can test faster to see if the filter is working or not.

This should work as I have posted it.

Please mark reply as Helpful/Correct, if applicable. Thanks!


Please consider marking my reply as Helpful and/or Accept Solution, if applicable. Thanks!
Preview file
6 KB

Pintu2
Tera Expert
In response to Allen Andreas

‎07-25-2019 10:44 AM

Yes, I did replace with the actual name of my sub-OU but it's not working. Not sure why it is not working in case of a sub-OU.But when I tried filtering with other fields like the (!(description=compliance*)) then it is able to exclude the sub-OU with the description filter.

 

0 Helpfuls