Thursday, May 20, 2010

SharePoint 2010 Connection Filter Logic

For SharePoint 2007, our MOSS profile sync uses an LDAP query that filters out the OU users we don't require:

ie User filter: (&(objectClass=user)(!Status:=System)(!UserAccountControl:1.2.840.113556.1.4.803:=2))

This assumes we want everyone except those with an AD attribute of Status=System (the UserAccountControl setting excludes disabled accounts).

For SharePoint 2010, once you have set up your Synchronization Connection to include one or more OUs from AD, you can then add exclusion rules by clicking to the right of the Synchronization Connection and choosing Edit Connection Filters from the menu.

I didn't read the screen properly and just applied the same filter logic as SharePoint 2007, but after 4 hours of pain not getting the results I wanted, I read what it said on the screen.
It says "Exclusion Filter for Users" - as such YOU MUST REVERSE YOUR LOGIC from SP2007!!

Thus, to achieve the same result as above, you need:
ie User filter: (Status:=System)(UserAccountControl:Bit On:=2))

I'll read the screen next time - duh!


sukumar said...

SharePoint is one of the best platforms. Nice post about SharePoint. Keep it up more. SharePoint Development we need more details about SharePoint.

Anonymous said...

It's also a good idea that you have "Any/Or" selected if you have criteria where, if the user meets ANY of them, they should be removed. This cost me countless hours for overlooking it!
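
The following is an added example, not part of the original post or of either comment: a small Python model of the two filters from the post, showing why the exclusion clauses must be combined with "Any" to match the SharePoint 2007 result. The sample accounts are constructed, and the `any`/`all` operator names are an assumption standing in for the choice the last comment describes.

```python
# Added example: constructed sample accounts, not real directory data.
ACCOUNTDISABLE = 0x2  # userAccountControl flag tested by the ":=2" in both filters

# Constructed sample users: (name, Status attribute, userAccountControl)
USERS = [
    ("alice",      None,     0x200),        # normal enabled account
    ("bob",        None,     0x200 | 0x2),  # disabled account
    ("svc-backup", "System", 0x200),        # enabled system account
    ("svc-old",    "System", 0x200 | 0x2),  # disabled system account
]

def is_system(user):
    return user[1] == "System"

def is_disabled(user):
    # Bitwise-AND match, as rule 1.2.840.113556.1.4.803 / "Bit On" does
    return user[2] & ACCOUNTDISABLE == ACCOUNTDISABLE

def sp2007_included(users):
    """Inclusion filter: keep users that are NOT system AND NOT disabled."""
    return [u[0] for u in users if not is_system(u) and not is_disabled(u)]

def sp2010_included(users, operator):
    """Exclusion filter: drop users matching the clauses, combined by
    'any' (OR) or 'all' (AND); everyone else is synchronized."""
    combine = any if operator == "any" else all
    return [u[0] for u in users
            if not combine([is_system(u), is_disabled(u)])]

def report():
    return {
        "sp2007": sp2007_included(USERS),
        "sp2010_any": sp2010_included(USERS, "any"),
        "sp2010_all": sp2010_included(USERS, "all"),
    }

if __name__ == "__main__":
    for label, names in report().items():
        print(f"{label:11} -> {names}")
```

With the clauses combined by "all", only accounts that are both system and disabled are excluded, so disabled users and enabled system accounts still end up in the profile store.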