We received a hint from our colleagues, who administrate the Active Directory, that we can exclude user objects, which have the value 2048 in the attribute userAccountControl.
We have done first tests with our own schema class - in our opinion this worked. However, we do not want to create a separate schema for each exclusion.
So the question is, what is the best variant for such a filter - a system filter or an object filter?
With the system filter we are confused by the hint that it should only work for existing objects - or do we misunderstand something in this context?
Currently we use version 8.0.5 of One Identity Manager
Thanks for any advice