Tip: Disabled users in active directory on sync

Post any question you may have in regards to GoAnywhere Services and let our talented support staff and other users assist you.

Tip: Disabled users in active directory on sync

Postby bothunbr » Mon Jun 02, 2014 1:45 pm

I'm using the new ldap sync feature introduced in one of the recent versions of GA services. The feature allows us to keep user in sync with active directory. The one thing I didn't like when I set this up was that if you did a sync to create users that don't already exist it would pull all of your disabled users and create home directories for them.

Here is how to stop that from happening:
Security->Login Methods
Click the edit button on the LDAP/AD profile your users are sync'd with:
Click the "User" tab
Edit the "Object Filter" to look like: (&(objectClass=User)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))

GA-LDAP.png
UserTab
GA-LDAP.png (10.51 KiB) Viewed 74 times


--Brad
bothunbr
 
Posts: 11
Joined: Sun Mar 31, 2013 12:13 pm

Re: Tip: Disabled users in active directory on sync

Postby Support_Jon » Thu Jun 12, 2014 7:59 am

Brad,

Thank you for sharing this tip. This will work well for customers using Active Directory for authentication as part of a Managed LDAP Login Method. However, this object filter does not work with Active Directory Lightweight Directory Servers (AD LDS) based on our testing.

Thanks - Jon
Support_Jon
Support Specialist
 
Posts: 48
Joined: Thu Jul 19, 2012 9:15 am
Location: Ashland, NE


Return to Community Forum

Who is online

Users browsing this forum: No registered users and 1 guest