Paths to Scan
The first step in creating an Active Directory profile is to choose which parts of your Windows AD / Entra ID (v24.7+ only) you want to scan and monitor for changes. Each profile can scan multiple locations in both systems.
Paths (AD OUs or Entra ID Groups)
These are the locations in the AD or Entra ID where HelpMaster will look for user accounts to create/synchronize. The paths here will vary depending on your database structure and may look something like this for Windows AD, OU=Recipients,DC=wizbangwidgets,DC=com, or Sales Team for Entra ID groups.
Adding Paths
These can be easily selected from the profile Paths To Scan step by clicking the Add button. You may also type in a path directly using the format LDAP://OU=General Accounts,OU=Wizbang Users,DC=WizbangWidgets,DC=com for Windows AD or Sales Team for Entra ID groups. If a path is directly typed in, it will be validated to ensure that it actually exists.
Use recursive query (include child containers)
This is not applicable for Entra ID profiles in v24.7+. This option is available under the path box for Windows AD profiles only. When checked (ticked by default) it will use a recursive query when querying the Windows AD, i.e. the container and all sub-containers will be queried. If this option is unchecked, it will only query items in the selected path but not the OUs beneath.
If some paths require recursive queries while others require container-only queries, create a separate profile for each set of paths. This setting will apply to all paths in the profile.
Do not synchronize users that are disabled
As labeled, if checked, this option will prevent Disabled Windows AD and Entra ID users from being created or updated.
Do not synchronize guest users. (User type = Guest)
This is only applicable for Entra ID profiles in v24.7+. Entra ID Guest users will not be synchronised if this option is checked (ticked).
Setting the Windows Active Directory start OU
This is not applicable for Entra ID profiles in v24.7+. By default, HelpMaster will open the Windows AD browse paths at the root container for your domain, e.g. DC=WizbangWidgets,DC=com. If you wish to start this browse path at a location further into your hierarchy, copy the exact path into the database column LDAPPathRoot in the table tblActiveDirectoryServiceConfiguration, again using the format LDAP://OU=Wizbang Users,DC=WizbangWidgets,DC=com. See your database administrator for details on how to do this.
Query Filter (Advanced)
Windows Active Directory
This is an optional setting that can be used to filter the lists of users that are returned within each of the specified paths. Use this text-box to enter a valid query expression.
The AD search is hard-coded to only search for user objects within the path, and this cannot be changed. The filters entered here add to that expression, using the syntax outlined in the Microsoft webpage referenced below. The following operators may be used.
Operator | Symbol | Meaning |
---|---|---|
AND | & | all conditions must be met |
OR | \| | any of the conditions must be met |
NOT | ! | the clause must evaluate to False |
Filter to include only users with first name (givenName) = Jimi:
(&(givenName=Jimi))
Filter to exclude users with first name (givenName) = Jimi OR Fred:
(&(!(givenName=Jimi))(!(givenName=Fred)))
Filter to include only users with first name (givenName) = Jimi and surname (sn) = King:
(&(anr=Jimi King))
Filter to include only users with an email address (mail):
(&(mail=*))
Note, queries support wildcards and other boolean filtering expressions.
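The following is an added example, not HelpMaster code: a small Python checker that parses a subset of the LDAP filter syntax above (`&`, `|`, `!`, equality with `*` wildcards) and shows which constructed sample users a filter would leave in scope before it is pasted into a profile. The `USERS` records and the function names are assumptions made for illustration, and AD-specific matching such as `anr` is not modelled.

```python
import re

USERS = [  # constructed sample entries, not from the page; absent attributes are omitted
    {"sAMAccountName": "jking", "givenName": "Jimi", "sn": "King", "mail": "jimi.king@example.com"},
    {"sAMAccountName": "fnurk", "givenName": "Fred", "sn": "Nurk"},
    {"sAMAccountName": "bsmith", "givenName": "Betty", "sn": "Smith", "mail": "betty.smith@example.com"},
]

def parse(f, i=0):
    """Parse one parenthesised clause at f[i]; return (node, index after it)."""
    if f[i:i + 1] != "(":
        raise ValueError(f"expected '(' at position {i}")
    if f[i + 1:i + 2] in ("&", "|", "!"):
        op, i, kids = f[i + 1], i + 2, []
        while f[i:i + 1] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        if not kids or (op == "!" and len(kids) != 1):
            raise ValueError(f"'{op}' has the wrong number of clauses")
        node = (op, kids)
    else:
        end = f.find(")", i + 1)
        attr, sep, value = f[i + 1:max(end, i + 1)].partition("=")
        if end == -1 or not attr or not sep or "(" in attr + value:
            raise ValueError(f"malformed comparison at position {i + 1}")
        node, i = ("=", attr.lower(), value), end
    if f[i:i + 1] != ")":
        raise ValueError(f"expected ')' at position {i}")
    return node, i + 1

def matches(node, user):
    """Evaluate a parsed filter against one entry (values compared case-insensitively)."""
    if node[0] == "=":
        value = {k.lower(): v for k, v in user.items()}.get(node[1])
        pattern = ".*".join(re.escape(part) for part in node[2].split("*"))
        return value is not None and re.fullmatch(pattern, value, re.I) is not None
    hits = [matches(kid, user) for kid in node[1]]
    return not hits[0] if node[0] == "!" else (all if node[0] == "&" else any)(hits)

def select(filter_text, users=USERS):
    """Return account names the filter leaves in scope; ValueError if malformed."""
    node, end = parse(filter_text)
    if end != len(filter_text):
        raise ValueError("unexpected text after the filter")
    return [u["sAMAccountName"] for u in users if matches(node, u)]

if __name__ == "__main__":
    for text in ("(&(givenName=Jimi))", "(!(|(givenName=Jimi)(givenName=Fred)))", "(&(mail=*))"):
        print(text, "->", select(text))
```

A NOT clause that wraps more than one sub-clause is rejected with a `ValueError`, since `!` takes exactly one clause.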
For further information and examples on AD filters, see this Microsoft webpage:
Azure Entra ID
Again, this is an optional setting that can be used to filter the lists of users that are returned within each of the specified groups. Use this text-box to enter a valid query expression.
Operator/Function | Symbol | Meaning |
---|---|---|
Equals | eq | property must equal expression |
Not Equal | ne | property must not equal expression |
Starts With | startsWith | property must start with expression |
AND, OR, NOT operators may also be inserted between each expression e.g.
Filter to return only users with first name (givenName) = Jimi OR Fred:
givenName eq 'Jimi' or givenName eq 'Fred'
Filter to exclude users with first name (givenName) = Jimi or surname (sn) = King:
givenName ne 'Jimi' and surname ne 'King'
Filter to include only users where first name starts with 'b' OR surname starts with 's':
startswith(givenName,'b') or startswith(surname,'s')
See the following external Microsoft links for detailed properties, operators and functions: