ldap group import exclusions

Chris150 · ‎12-19-2016

Hello,

We are using Active Directory groups to dictate licensed user access to ServiceNow and I am trying to import some of our active directory groups.

Importing all of them is pretty straightforward, but I was wondering if there are any handy scripts that I could use just import the groups we need.

Ive searched the community already on this and couldnt really find anything that was helpful.

Michael Fry1 · ‎12-19-2016

If they were all in the same OU, that would be easy. Assuming not in same OU, you could use Filter as mentioned in 2.2. If it's allow of some groups, filter string could get long, but should work.

http://social.technet.microsoft.com/wiki/contents/articles/5392.active-directory-ldap-syntax-filters... = shows some of the filtering that should work.

Groups with cn starting with "Test" or "Admin" would use filter like:

(&(objectCategory=group) (|(cn=Test*)(cn=Admin*)))

View solution in original post

Michael Fry1 · ‎12-19-2016

If they were all in the same OU, that would be easy. Assuming not in same OU, you could use Filter as mentioned in 2.2. If it's allow of some groups, filter string could get long, but should work.

http://social.technet.microsoft.com/wiki/contents/articles/5392.active-directory-ldap-syntax-filters... = shows some of the filtering that should work.

Groups with cn starting with "Test" or "Admin" would use filter like:

(&(objectCategory=group) (|(cn=Test*)(cn=Admin*)))

Chris150 · ‎12-19-2016

They are in the same OU, but I only want to bring in 10 groups out of the 200 we already have.

Michael Fry1 · ‎12-19-2016

Try the filter above and see if that will work.

Chris150 · ‎10-13-2017

A year later.... Thanks for your help Michael. That worked!!