Tip: Disabled users in active directory on sync
Posted: Mon Jun 02, 2014 1:45 pm
I'm using the new ldap sync feature introduced in one of the recent versions of GA services. The feature allows us to keep user in sync with active directory. The one thing I didn't like when I set this up was that if you did a sync to create users that don't already exist it would pull all of your disabled users and create home directories for them.
Here is how to stop that from happening:
Security->Login Methods
Click the edit button on the LDAP/AD profile your users are sync'd with:
Click the "User" tab
Edit the "Object Filter" to look like: (&(objectClass=User)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
--Brad
Here is how to stop that from happening:
Security->Login Methods
Click the edit button on the LDAP/AD profile your users are sync'd with:
Click the "User" tab
Edit the "Object Filter" to look like: (&(objectClass=User)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
UserTab
GA-LDAP.png (10.51 KiB) Viewed 6433 times
GA-LDAP.png (10.51 KiB) Viewed 6433 times