Click HERE to see how Saviynt Intelligence is transforming the industry. |
04/12/2022 12:56 PM
Hi,
Is it possible to exclude certain OUs under the root or another OU while importing Active Directory Accounts and Groups using the AD connector?
For example, I have
OU=Company
OU=IT
OU=Finance
OU=HR
OU=Research Development
Is it possible to specify - import accounts/groups only from OU=IT and OU=HR and exclude OU=Finance and OU=Research Development?
Thanks,
Suparna
Solved! Go to Solution.
04/12/2022 01:56 PM
Hi Suparna,
Active directory does not support advanced filters specifically based on OU and DN/distinguishedName constraints.
You could get a single object as OU itself or an object based on a DN filter but it will never return you user/group list together with OU filters. Thus, this requirement cannot be fulfilled via filters based on OU.
Like we discussed, it is only possible if you have any specific attribute which could be differentiator across those OU objects (for example, departmentName attribute that could provide info on whether it should be imported or not), in which case we could still do it via ObjectFilter.
It is possible to raise an enhancement request that will enable the product team to search for alternate solutions to implement this, but will be taken up based on priority post v6 release.
04/12/2022 01:56 PM
Thank you very much, Divya! I will raise an enhancement request for this.
Thanks,
Suparna