Ad sync project scope/filter.

Question

Hi, 
 i am trying to resolve an issue and i am wondering if some one have implemented anything like this before. 
 Requirement: add a new OU to IDM scope which had different user accounts and groups and only import specific accounts which match a condition and import all the other accounts from other OU&rsquo;s. 
 Can you please suggest the best practices or any sample codes how to add the filter in the object filter. 
 Thank you

Robert Byrne · Accepted Answer

Hi, 
 You should be able to achieve what you want by defining new schema classes: one for the traditional account type and one for the specific account type. You will add a 'Select objects' filter on a criteria to distinguish the two account types and also the vrtEntryParentDN to take account of your specific OU. Please see the example filter below. 
 Remember every connector makes a set of additional virtual attributes available for your convenience. You can easily see these virtual attributes by browsing to the object type in the target system browser of sync editor and scrolling to the bottom to the attributes named like vrt*. 
 As always, after any change to the schema or mappings be sure to hit Update Schema...otherwise you will not see your changes integrated and you will get very annoyed :-). 
 hth, 
 Rob. 
 objectClass like '%posixAccount%' and vrtEntryParentDN='ou=otherpeople,dc=mylab,dc=com'

Endpoint Privilege Management

Ad sync project scope/filter.

Top Replies