Stop AD sync for only specific users

Brent Cox · ‎10-07-2022

Hello, we are making some changed that will mean a large group of users will be going from our AD environment to a different environment. We are hoping that we can simply take those users and remove them from the AD sync and have them exist as local users in the system. I tested on one user and I removed the information in the LDAP server and Source fields, but this morning, those fields were populated again after the AD sync. Is there something else I need to do to make sure that stops syncing with AD?

OlaN · ‎10-07-2022

Hi,

You can create an onBefore transform script on your LDAP import transform, to exclude/skip records in the AD-sync if the target record has some specific conditions, for instance having an empty LDAP source field.

View solution in original post

Mike_R · ‎10-07-2022

Go to your LDAP OU Definition and modify the RDN or Filter

instanceName.service-now.com/ldap_ou_config_list.do?sysparm_query=active%3Dtrue&sysparm_view=

Mike
* My Collection of ServiceNow Stuff *

Brent Cox · ‎10-07-2022

There's no easier way to do this on a smaller scale? For instance, I have one user account that I am trying to test with. I removed the LDAP fields within their user account, and it worked as a local account until the sync happened, and then it filled the LDAP information back in. So, there's no simple way to take this one user account and make it stay as a local account without changing the whole RDN scope on the LDAP OU Definition?

OlaN · ‎10-07-2022

Hi,

You can create an onBefore transform script on your LDAP import transform, to exclude/skip records in the AD-sync if the target record has some specific conditions, for instance having an empty LDAP source field.