LDAP Query is not working
Hi All,
We are using SharePoint 2007.
We are facing a peculiar problem and need your help/suggestions:
Problem Statement: The Intranet is importing user profiles based on an LDAP query and user filter defined in central admin. The user filter selectively rejects “not active” profiles and profiles that belong to a user group: NonIT_Staff (this group is used to store profiles who have left the organization or some selected admin accounts)
The user filter used is:
(&(objectCategory=person)(objectClass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(!memberOf=CN=NonIT_Staff,OU=Groups,DC=group,DC=local))
I investigated this and validated it to be correct; it should filter out the non-active and NonIT_staff group members.
However, some accounts that are part of the NonIT_staff group are still shown in user profiles.
There are a few points worth noting:
1. We didn’t find any account in “Profiles missing from import”. There is a scheduler that automatically removes such accounts.
2. We removed a user who belongs to NonIT_Staff account (part of NonIT_staff group, already left the organization) from user profiles, but the incremental crawl didn’t import it, or it could have been deleted by the scheduler. End result – it’s not there now.
3. Sujit and I both have the same account status and memberships. Though Sujit’s admin account is part of User profiles, I am not. An interesting pointer can be: My account was created 2 years back and was just enabled again but not created again.
4. We created a test ID under NonIT_staff but it was also not added by incremental import.
Is it possible that a group/ID added manually by breaking away from the “Inherit permissions” policy gets such accounts added? I don’t think so but would like a confirmation from you all.
This is getting very confusing and your help or pointers will be really appreciated.
July 30th, 2010 2:32pm
Hi,
What does the output look like when running that filter from ldp.exe? Does it have the same behavior as SharePoint?
Regards, Savoeurn Va
Microsoft Online Community Support
August 16th, 2010 9:26pm
No, it's working in ldp.exe as per our requirement. But it's not working in SharePoint 2007.
November 15th, 2010 7:44am
Hi Sujit,
It needs to work in LDP.exe first before you can use it in SharePoint. LDP is just to verify you have a proper filter. Please review the syntax of LDAP here:
http://msdn.microsoft.com/en-us/library/aa746475(VS.85).aspx
For your question, you'll need to find another attribute to filter against, something more unique.
Regards, Savoeurn Va
Microsoft Online Community Support
November 15th, 2010 9:32am
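Added example, not part of any post in this thread: RFC 4515 defines NOT as `(!` followed by a complete parenthesized filter, and the filter quoted in the first post writes the memberOf exclusion without the inner parentheses. The Python below checks a filter against that grammar and produces the strict form; the names check_filter and strict_form are made up for this example, and it covers filter structure only, not how SharePoint or Active Directory evaluates either form.

```python
import re

# The user filter exactly as posted in the thread.
POSTED = ("(&(objectCategory=person)(objectClass=user)"
          "(!(userAccountControl:1.2.840.113556.1.4.803:=2))"
          "(!memberOf=CN=NonIT_Staff,OU=Groups,DC=group,DC=local))")

# attribute (optionally with a ":oid:" matching rule) followed by an operator
ITEM = re.compile(r"[A-Za-z0-9][A-Za-z0-9.;:-]*(=|~=|>=|<=)")

def check_filter(text):
    """Return [(offset, message)] for structural deviations from RFC 4515."""
    problems = []

    def skip_item(i):
        end = text.find(")", i)
        end = len(text) if end == -1 else end
        if not ITEM.match(text[i:end]) or "(" in text[i:end]:
            problems.append((i, "malformed attribute=value item"))
        return end

    def parse(i):
        if i >= len(text) or text[i] != "(":
            problems.append((i, "expected '('"))
            return len(text)
        i += 1
        if text[i:i + 1] in ("&", "|"):
            i += 1
            while text[i:i + 1] == "(":
                i = parse(i)
        elif text[i:i + 1] == "!":
            i += 1
            if text[i:i + 1] == "(":
                i = parse(i)
            else:
                problems.append((i, "'!' must wrap a parenthesized filter"))
                i = skip_item(i)
        else:
            i = skip_item(i)
        if text[i:i + 1] == ")":
            return i + 1
        problems.append((i, "expected ')'"))
        return len(text)

    end = parse(0)
    if end < len(text):
        problems.append((end, "trailing text after filter"))
    return problems

def strict_form(text):
    """Rewrite (!attr=value) as (!(attr=value)); other parts are unchanged."""
    return re.sub(r"\(!([^()]+)\)", r"(!(\1))", text)
```

Running check_filter on the posted filter reports one deviation at the memberOf term, and strict_form returns the same filter with that term written as (!(memberOf=CN=NonIT_Staff,OU=Groups,DC=group,DC=local)).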
Hi Savoeurn,
It was working fine in SharePoint 2003. We migrated our SharePoint site to SharePoint 2007, and here this LDAP query is not working.
I have already checked the syntax; it's OK.
----------------------------------------
Regards, Sujit
January 19th, 2011 7:28am