
AD Sync Question Endpoint Advanced

Hello,

I was able to successfully sync my AD users into Sophos Central via the AD Sync tool. Is there a way to exclude certain sub containers in AD from syncing? For example, we have an OU called "Test" and there are 6 sub-OUs that fall underneath it. In the define filters section of the Sophos AD Sync utility, I put an entry on the "User Discovery Filters" that reads "OU=Test,DC=my,DC=domain". It syncs that OU and all the sub-OUs that fall under it. Is there syntax to exclude a specific sub-OU that falls under the "Test" OU?

Also, is there a way to not have the AD sync tool sync groups? On the Group Discover Filters tab, it requires me to have something in there and it ends up syncing every group from AD. I don't want to sync any groups into Sophos Central.

Thanks in advance.



  • Hi Jeremy,

    LDAP is always a pain to work with.

    To stop the groups from being included in the sync, can you point the discovery search base to an OU that has no groups? It should only search the OU you tell it.

    Regarding the sub-OUs, I am not sure if LDAP supports this, but you could try (!OU=OUname) and see if it skips it. I believe to add multiple exclusions the syntax is ((!OU=OUname1)&&(!OU=Ouname2)).

    You might have to experiment a bit.  Hope this helps.

    Keith
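
Added example, not part of the thread and not Sophos code: a strict evaluator for a subset of RFC 4515 filter syntax, run over constructed entries, showing how the parenthesised negation form `(&(!(ou=Sub1))(!(ou=Sub2)))` is evaluated against each entry's own attributes rather than its DN. The sub-OU names, user names and the `outside` helper are hypothetical, and how the AD Sync utility itself applies its filter fields is not covered here.

```python
# Added example: strict evaluator for a subset of RFC 4515 filters (& | ! and equality).
def parse(f, i=0):
    # Parse one parenthesised filter starting at f[i]; return (node, next_index).
    if f[i:i + 1] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if f[i:i + 1] in ("&", "|", "!"):
        op, kids, i = f[i], [], i + 1
        while f[i:i + 1] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        if not kids or (op == "!" and len(kids) != 1):
            raise ValueError(f"'{op}' needs parenthesised operand(s)")
        node = (op, kids)
    else:
        end = f.find(")", i)
        attr, sep, value = f[i:end].partition("=")
        if end < 0 or not sep or not attr or "(" in f[i:end]:
            raise ValueError(f"malformed item at offset {i}")
        node, i = ("=", attr.lower(), value.lower()), end
    if f[i:i + 1] != ")":
        raise ValueError(f"expected ')' at offset {i}")
    return node, i + 1

def matches(node, entry):
    """Evaluate against the entry's own attributes; its DN is never consulted."""
    if node[0] == "=":
        return node[2] in (v.lower() for v in entry.get(node[1], ()))
    results = [matches(k, entry) for k in node[1]]
    return not results[0] if node[0] == "!" else {"&": all, "|": any}[node[0]](results)

BASE = "OU=Test,DC=my,DC=domain"  # search base quoted in the question
# Constructed entries, hypothetical names; assumes user objects carry no `ou` attribute.
ENTRIES = {
    f"OU=Sub1,{BASE}": {"ou": ["Sub1"]},
    f"OU=Sub2,{BASE}": {"ou": ["Sub2"]},
    f"CN=Alice,OU=Sub1,{BASE}": {"cn": ["Alice"]},
    f"CN=Bob,OU=Sub3,{BASE}": {"cn": ["Bob"]},
}

def select(filter_text):
    node, end = parse(filter_text)
    if end != len(filter_text):
        raise ValueError("trailing characters after filter")
    return sorted(dn for dn, e in ENTRIES.items() if matches(node, e))

def outside(dns, ou_dn):
    """Drop DNs at or below ou_dn by suffix (naive: ignores escaped commas)."""
    return [d for d in dns if not ("," + d.lower()).endswith("," + ou_dn.lower())]
```

`select("(&(!(ou=Sub1))(!(ou=Sub2)))")` drops the two OU entries but still returns the user inside Sub1, because that user has no `ou` attribute; only the DN suffix check in `outside` removes it. The parser accepts only fully parenthesised items, so `(!OU=OUname)` raises `ValueError` while `(!(OU=OUname))` parses.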