LDAP Paths to Scan
The first step in creating an Active Directory profile is to choose which parts of your Active Directory you want to scan and monitor for changes. Each profile can scan multiple Active Directory locations or Organizational Units (OU).
LDAP Paths
These are the locations in the Active Directory where HelpMaster will look for user accounts to create/synchronize. The paths here will vary depending on your domain structure and may look something like this: OU=Recipients,DC=wizbangwidgets,DC=com.
Adding an LDAP Path
These can be easily selected using the Active Directory browsing dialog by clicking the Add button. You may also type in an LDAP path directly using the format LDAP://OU=General Accounts,OU=Wizbang Users,DC=WizbangWidgets,DC=com. If a path is directly typed in, it will be validated to ensure that it actually exists.
Use recursive query (include child containers)
This option is available under the LDAP path box. When checked (ticked by default) it will use a recursive query when querying the Active Directory, i.e. the container and all sub-containers will be queried. If this option is unchecked, it will only query the selected path but not the OUs beneath.
If some paths require recursive queries while others require container-only queries, create a separate profile for each set of paths. This setting will apply to all LDAP paths in the profile.
Do not synchronize Active Directory users that are disabled
As labeled, if checked, this option will prevent disabled Active Directory users from being created or updated.
Limiting the directory structure when browsing
By default, HelpMaster opens the Active Directory browse dialog at the root container for your domain, e.g. DC=WizbangWidgets,DC=com. To start browsing at a location further into your hierarchy, copy the exact LDAP path into the database column LDAPPathRoot in the table tblActiveDirectoryServiceConfiguration, again using the format LDAP://OU=Wizbang Users,DC=WizbangWidgets,DC=com. See your database administrator for details on how to do this.
LDAP Query Filter (Advanced)
This is an optional setting that can be used to filter the list of users that are returned within each of the specified LDAP paths. Use this text-box to enter a valid LDAP query expression.
The Active Directory search is hard-coded to only search for user objects within the LDAP path, and this cannot be changed. The LDAP filters here add to the expression using the syntax outlined in the webpage (link) below. The following operators may be used.
Operator | Symbol | Meaning |
---|---|---|
AND | & | all conditions must be met |
OR | \| | any of the conditions must be met |
NOT | ! | the clause must evaluate to False |
Filter to include only users with first name (givenName) = Jimi:
(&(givenName=Jimi))
Filter to exclude users with first name (givenName) = Jimi OR Fred:
(&(!(givenName=Jimi))(!(givenName=Fred)))
Filter to include only users with first name (givenName) = Jimi and surname (sn) = King:
(&(anr=Jimi King))
Filter to include only users with an email address (mail):
(&(mail=*))
Note, LDAP queries support wildcards and other boolean filtering expressions.
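A structural check for a filter before it is entered in the text-box, as an added example that is not part of HelpMaster or its documentation. It covers only simple comparisons and the three operators in the table above (no extensible-match rules or escaped characters); the function names and sample filters are this example's own.

```python
# Added example: minimal structural checker for LDAP search filters.
# It never contacts a directory; it only checks parentheses and operator use.
import re

# attribute name, comparison operator, value (anything up to a parenthesis)
_LEAF = re.compile(r"([A-Za-z][A-Za-z0-9.;-]*)(=|~=|>=|<=)([^()]*)")

def parse_filter(text):
    """Return a nested tuple for a well-formed filter, else raise ValueError."""
    s = text.strip()
    node, pos = _parse(s, 0)
    if pos != len(s):
        raise ValueError(f"unexpected text at position {pos}")
    return node

def _parse(s, i):
    if i >= len(s) or s[i] != "(":
        raise ValueError(f"expected '(' at position {i}")
    i += 1
    if i < len(s) and s[i] in "&|!":
        op, i = s[i], i + 1
        children = []
        while i < len(s) and s[i] == "(":
            child, i = _parse(s, i)
            children.append(child)
        if op == "!" and len(children) != 1:
            raise ValueError("NOT (!) takes exactly one clause")
        if not children:
            raise ValueError(f"operator {op} has no clauses")
        node = (op, *children)
    else:
        m = _LEAF.match(s, i)
        if not m:
            raise ValueError(f"bad comparison at position {i}")
        node, i = (m.group(2), m.group(1), m.group(3)), m.end()
    if i >= len(s) or s[i] != ")":
        raise ValueError(f"expected ')' at position {i}")
    return node, i + 1

def check(text):
    """Return 'ok', or the reason the filter is rejected."""
    try:
        parse_filter(text)
        return "ok"
    except ValueError as exc:
        return str(exc)
```

A filter that passes this check is only well-formed; whether it selects the intended accounts still has to be confirmed against the directory.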
For further information and examples on LDAP filters, see this Microsoft webpage: