Aidan Garnish
MOSS 2007 and other Microsoft technologies

MOSS Profile Search LDAP Query that Removes Disabled and Service Accounts

October 11, 2007 09:08 by aidan

The usual LDAP query to import user profiles from AD into MOSS is:

(&(objectCategory=person)(objectClass=user))

The downside of this query is that you are also going to get your service accounts and any disabled accounts imported as well. This creates a lot of unnecessary clutter in people searches and greatly reduces the effectiveness of the people search scope.

To remove these accounts use the following:

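  • (!(userAccountControl:1.2.840.113556.1.4.803:=2)) - removes disabled accounts
  • (!(userAccountControl:1.2.840.113556.1.4.803:=65536)) - removes accounts with password set to never expire, used here to catch service accounts

Both tests use the bitwise AND matching rule 1.2.840.113556.1.4.803, so the flag is matched whatever other bits are set in userAccountControl. A plain equality test against 65536 would only match an account whose value is exactly 65536.

So the new LDAP query is:

(&(objectCategory=person)(objectClass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(!(userAccountControl:1.2.840.113556.1.4.803:=65536)))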

For more ADSI userAccountControl flags go here: http://msdn2.microsoft.com/en-us/library/aa772300.aspx
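The following is an added example, not code from the original post. It models how the two NOT clauses are evaluated against userAccountControl and compares the bitwise matching rule 1.2.840.113556.1.4.803 with a plain equality test on 65536. The account names and values are constructed, and the helper names are hypothetical.

```python
# Added example: models evaluation of the userAccountControl clauses in the
# profile import filter. Flag values are from ADS_USER_FLAG_ENUM.
ACCOUNTDISABLE = 0x0002       # 2
NORMAL_ACCOUNT = 0x0200       # 512
DONT_EXPIRE_PASSWD = 0x10000  # 65536


def bit_and_match(uac, mask):
    """Matching rule 1.2.840.113556.1.4.803: true when every mask bit is set."""
    return (uac & mask) == mask


def equality_match(uac, value):
    """Plain LDAP equality: true only when the whole integer is identical."""
    return uac == value


def imported(uac, never_expire_test):
    """True when an account passes both NOT clauses and would be imported."""
    disabled = bit_and_match(uac, ACCOUNTDISABLE)
    never_expires = never_expire_test(uac, DONT_EXPIRE_PASSWD)
    return not disabled and not never_expires


# Constructed sample directory: name -> userAccountControl
SAMPLE = {
    "alice": NORMAL_ACCOUNT,                                         # 512
    "bob_disabled": NORMAL_ACCOUNT | ACCOUNTDISABLE,                 # 514
    "svc_sql": NORMAL_ACCOUNT | DONT_EXPIRE_PASSWD,                  # 66048
    "svc_old": NORMAL_ACCOUNT | DONT_EXPIRE_PASSWD | ACCOUNTDISABLE, # 66050
}


def surviving(never_expire_test):
    """Names that would still be imported under the given 65536 test."""
    return sorted(n for n, uac in SAMPLE.items()
                  if imported(uac, never_expire_test))


if __name__ == "__main__":
    print("bitwise 65536 test :", surviving(bit_and_match))
    print("equality 65536 test:", surviving(equality_match))
```

With the equality test, svc_sql is still imported because its value is 66048 rather than exactly 65536.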

Credit for this goes to Suman Chakrabarti's blog



Comments

December 6. 2007 22:23

Where do you configure this in MOSS?

Ndongo
