Re: Synchronize only attributes you want ADAMSync



On Aug 1, 11:54 am, "Lee Flight" <l...@xxxxxxxxxxxxxxx> wrote:
Hi

"Enrico" <nri...@xxxxxxxxx> wrote in message

news:1185980980.280352.219650@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

After doing some research online, it seems that
<object-filter>(objectClass=User)</object-filter> is not the most efficient
way for me to grab user objects from AD via ADAMsync. In an attempt
to clean this up, I have been working with the filter:
<object-filter>(&(objectCategory=Person)(objectClass=User))</object-filter>
Even though most references on the internet say this is the way to
specify a user search, I keep getting a syntax error when attempting
to install my MS-AdamSyncConf file.
----------
Error: Error parsing XML File. A name was started with an invalid
character. . Line 13, Position 21 in (null)

Since object-filter is an element in an XML
document certain components of the LDAP filter
need to be replaced by the appropriate XML entity
or character reference:

and = "&" use &amp;
or = "|" use &#124;
not = "!" use &#33;

e.g.
(&amp;(objectCategory=Person)(objectClass=User))

Something to be aware of is that using more complex filters
in ADAMSync can lead to unexpected results, e.g. the
presence of objectCategory in the filter above means
that object deletions in AD will not be sync'ed to ADAM
in subsequent ADAMSync runs as objectCategory is not
preserved by default on deleted objects in AD.

Lee Flight

Lee,

I am almost at completion of synchronization of the attributes I
want. The final wall I am hitting is when I attempt to use the
objectFilter to only sync specific attributes to my ADAM instance.

Using the following object filter
<object-filter>(&#124;(objectClass=User)(objectClass=Organizational-Unit))</object-filter>
I am attempting to sync only user and Organizational Unit objects.

However, I am noticing that for an OU without any user objects, ADAM
is not bringing over the OU. I can't seem to find any reference to
ADAM looking for these OU objects during Sync.

Am I performing the object-filter correctly, or do I need to
synchronize additional attributes to get empty OUs to appear?

Thanks

Enrico
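
The escaping described in Lee's reply, as an added example that is not part of the original thread: it builds the `<object-filter>` element from a raw LDAP filter, checks that an XML parser reads the same filter back, and flags filters that test objectCategory. The function names are hypothetical, and the example goes beyond the thread by also escaping `<` and `>`.

```python
import re
import xml.etree.ElementTree as ET

# Replacements named in the thread (&, |, !) plus < and >, which occur in LDAP
# comparisons such as >= and <=. "&" must be handled first.
XML_REPLACEMENTS = [("&", "&amp;"), ("<", "&lt;"), (">", "&gt;"),
                    ("|", "&#124;"), ("!", "&#33;")]


def escape_filter(ldap_filter):
    """Escape a raw LDAP filter so it can be used as XML element text."""
    for raw, ref in XML_REPLACEMENTS:
        ldap_filter = ldap_filter.replace(raw, ref)
    return ldap_filter


def object_filter_element(ldap_filter):
    """Build the <object-filter> element for a raw LDAP filter."""
    return "<object-filter>%s</object-filter>" % escape_filter(ldap_filter)


def read_filter(element_xml):
    """Return the filter text an XML parser sees, or None if not well-formed."""
    try:
        return ET.fromstring(element_xml).text
    except ET.ParseError:
        return None


def mentions_object_category(ldap_filter):
    """True if the filter tests objectCategory (see the deletion caveat above)."""
    return re.search(r"\(\s*objectCategory\s*=", ldap_filter, re.I) is not None


# Filters from the thread, plus one constructed filter using ! and >=.
SAMPLES = [
    "(&(objectCategory=Person)(objectClass=User))",
    "(|(objectClass=User)(objectClass=Organizational-Unit))",
    "(&(objectClass=User)(!(badPwdCount>=3)))",  # constructed sample
]

if __name__ == "__main__":
    for raw in SAMPLES:
        element = object_filter_element(raw)
        assert read_filter(element) == raw  # escaped form round-trips
        print(element)
        if mentions_object_category(raw):
            print("  note: objectCategory in filter; AD deletions may not sync")
    # The unescaped form fails to parse, as in the error quoted above.
    print(read_filter("<object-filter>%s</object-filter>" % SAMPLES[0]))
```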
