Exclude sub OUs in LDAP

Pintu2
Tera Expert

‎07-23-2019 06:19 PM

How to exclude a sub-OU in importing an OU into ServiceNow?

I have an OU ABC with few sub-OUs and I don't want one of the sub-OUs in ServiceNow.How to exclude the users from one the sub-OU and if not how could I not update/insert these users in ServiceNow?

Appreciate your response.

 

Thank you.

Labels:
0 Helpfuls
  • 1,857 Views
8 REPLIES 8

Allen Andreas
Administrator
Administrator

‎07-23-2019 06:40 PM

Hi,

You can set your RDN in your LDAP OU Definition to the specific OU that you want to pull-in and to avoid any specific OUs within...in the filter you can do something like:

(!(ou=ServiceAccounts))

So this would filter out the ou that is called ServiceAccounts.

See: https://docs.servicenow.com/integrate/ldap/task/t_DefineLDAPOrganizationalUnits.html for full filter example that you'd want to start with and then add mine in...where you see the (!( piece.

Please mark reply as Helpful/Correct. Thanks!


Please consider marking my reply as Helpful and/or Accept Solution, if applicable. Thanks!
0 Helpfuls

Pintu2
Tera Expert
In response to Allen Andreas

‎07-24-2019 02:14 PM

I tried giving the same filter as mentioned but it didn't work for me. Please see below and can you suggest any other alternate way to do this

 

(&(objectClass=person)(sn=*)(!(objectClass=computer))(!(ou=ServiceAccounts)) (!(userAccountControl:1.2.840.113556.1.4.803:=2)))

 

The same way I tried giving the filter as per my OU definitions but it didn't work

0 Helpfuls

Allen Andreas
Administrator
Administrator
In response to Pintu2

‎07-24-2019 02:32 PM

Hi,

Did you replace ServiceAccounts with the actual name of the OU? Can you just try:

(&(objectClass=person)(sn=*)(!(objectClass=computer))(!(ou=ServiceAccounts)))

You should be able to click Browse after saving here to then try and see if the user/OU still shows up or not:

find_real_file.png

So this way you can test faster to see if the filter is working or not.

This should work as I have posted it.

Please mark reply as Helpful/Correct, if applicable. Thanks!


Please consider marking my reply as Helpful and/or Accept Solution, if applicable. Thanks!
Preview file
6 KB

Pintu2
Tera Expert
In response to Allen Andreas

‎07-25-2019 10:44 AM

Yes, I did replace with the actual name of my sub-OU but it's not working. Not sure why it is not working in case of a sub-OU.But when I tried filtering with other fields like the (!(description=compliance*)) then it is able to exclude the sub-OU with the description filter.

 

0 Helpfuls