This article provides information on configuring filters in Sophos Central Admin AD Sync Utility version 2.
Applies to the following Sophos product(s) and version(s): Sophos Central Admin
Note: AD Sync Utility supports multiple domains, so remember that you may need to set up filters on each domain.
As detailed on the AD Filters tab, the default LDAP filter for user objects includes:
It is possible to add to this default filter. For example, to filter out the 'SophosSAU' accounts for a domain, you can add the additional filter:
The full resultant LDAP filter is visible in the AD Sync log file. For example, with the above addition, the full user filter becomes:
05:31:57.905 PM Checking for users on [domain] with filter (&(objectCategory=person)(objectClass=user)(!sAMAccountType=805306370)(!userAccountControl:1.2.840.113556.1.4.803:=2)((!name=SophosSAU*)))
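As an added example (not part of the original article or of Sophos's own tooling), the Python sketch below pulls the effective filter out of an AD Sync log line and lists the clauses it negates, so you can confirm that a custom exclusion such as the SophosSAU one reached the query before accounts are synced. The sample log line is constructed from the entry above and all function names are assumptions; the parser accepts the lenient (!attr=value) form and the extra wrapping parentheses that appear in the log.

```python
import re

# Constructed sample, modelled on the AD Sync log entry quoted in the article.
# The OID is Microsoft's bitwise-AND matching rule (1.2.840.113556.1.4.803).
SAMPLE_LOG = (
    "05:31:57.905 PM Checking for users on [domain] with filter "
    "(&(objectCategory=person)(objectClass=user)(!sAMAccountType=805306370)"
    "(!userAccountControl:1.2.840.113556.1.4.803:=2)((!name=SophosSAU*)))"
)

def extract_filter(line):
    """Return the filter text that follows 'with filter' in a log line."""
    m = re.search(r"with filter\s+(\(.*\))\s*$", line)
    if not m:
        raise ValueError("no LDAP filter in log line")
    return m.group(1)

def _parse(text, pos):
    """Parse one '(...)' group at text[pos]; return (node, next_pos)."""
    if text[pos:pos + 1] != "(":
        raise ValueError(f"expected '(' at offset {pos}")
    pos += 1
    op = text[pos:pos + 1]
    if op in ("&", "|"):
        children, pos = [], pos + 1
        while text[pos:pos + 1] == "(":
            child, pos = _parse(text, pos)
            children.append(child)
        node = (op, children)
    elif op == "!" and text[pos + 1:pos + 2] == "(":
        child, pos = _parse(text, pos + 1)      # standard form: (!(attr=value))
        node = ("!", child)
    elif op == "(":
        node, pos = _parse(text, pos)           # redundant wrapping parentheses
    else:
        end = text.find(")", pos)               # simple item, or lenient (!attr=value)
        if end == -1:
            raise ValueError("unbalanced filter: missing ')'")
        body = text[pos:end]
        node = ("!", ("item", body[1:])) if op == "!" else ("item", body)
        pos = end
    if text[pos:pos + 1] != ")":
        raise ValueError(f"unbalanced filter near offset {pos}")
    return node, pos + 1

def parse_filter(text):
    """Parse a whole filter string and reject anything left over after it."""
    node, end = _parse(text, 0)
    if end != len(text):
        raise ValueError("trailing text after filter")
    return node

def exclusions(node):
    """List the 'attr=value' items that the filter negates at the top level."""
    children = node[1] if node[0] == "&" else [node]
    return [c[1][1] for c in children if c[0] == "!" and c[1][0] == "item"]
```

Running exclusions(parse_filter(extract_filter(line))) over each "Checking for users" entry in the log shows at a glance whether a domain is missing the exclusion you expected.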
In addition to customizing an LDAP filter to control which user objects are imported, it is also possible to change the base search for each domain selected. For example, by default it might read 'DC=child,DC=parent,DC=local' or 'DC=parent,DC=local', meaning the entire domain.
When gathering users and groups from Active Directory, two different types of LDAP filters can be specified. Each of these filter types is specific to a particular domain (in other words, different filters can be specified for each domain).
Separate filters exist for users and groups. Please note the following behaviors regarding LDAP filters:
To consider only objects from a couple of top-level Organizational Units (OUs) in the main domain, you could change this filter to be:
In addition to the above filters, the 'Preview and Sync...' option will allow you to see the resultant effect of a filter prior to the query taking place.