AD Sync LDAP Filter problem

Hi Everyone,

I have a problem with Sophos Central's AD Sync Utility that makes no sense.

I've already been through the doco at

And from what I can tell it's correct, but it isn't working as described or expected. So, to get on with it:


User Discovery

Search Scope: OU=Domain Users,DC=domain,DC=internal


When I have this, and just this, defined it pulls all of the users out of this OU and any OU under it, which is what I'd expect. The problem is when I try to limit those results to only members of a security group I named Sophos_Sync.


When I put the following Additional LDAP Filter in, it all breaks.

memberOf=CN=Sophos_Sync,OU=Domain Security,DC=domain,DC=internal


When I click on Preview and Sync the results show me that it wants to remove people from Sophos Central who are definitely members of that group. I can pull up the group and look at the membership and everyone listed for removal is in that group. I honestly don't get what is going wrong.

  • Hi  

    Thank you for contacting us. I'd request you to open a support case here, as your problem can be resolved faster if it is troubleshot through a remote session, since we need to check multiple things first.
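
One way to check the filter from the question outside the sync utility, as an added example that is not part of the original posts and is not Sophos code: it runs the same `memberOf` filter against the directory and lists group members the filter does not return, with a likely reason. It assumes the ActiveDirectory (RSAT) PowerShell module and relies on the fact that `memberOf` holds only direct memberships and never the primary group.

```powershell
# Added example. Requires the ActiveDirectory (RSAT) module; DNs are the ones quoted in the question.
Import-Module ActiveDirectory

$searchBase = 'OU=Domain Users,DC=domain,DC=internal'
$groupDn    = 'CN=Sophos_Sync,OU=Domain Security,DC=domain,DC=internal'

# The filter value must be the group's exact distinguishedName.
$group = Get-ADGroup -Filter "Name -eq 'Sophos_Sync'" -Properties primaryGroupToken |
    Where-Object DistinguishedName -eq $groupDn
if (-not $group) {
    throw "No group named Sophos_Sync has the DN used in the filter: $groupDn"
}

# Users the filter from the question matches under the search scope.
$matched = @(Get-ADUser -SearchBase $searchBase -SearchScope Subtree `
    -LDAPFilter "(memberOf=$groupDn)").DistinguishedName

# Users under the scope who reach the group through the membership chain
# (LDAP_MATCHING_RULE_IN_CHAIN follows nested groups).
$viaChain = @(Get-ADUser -SearchBase $searchBase -SearchScope Subtree `
    -LDAPFilter "(memberOf:1.2.840.113556.1.4.1941:=$groupDn)").DistinguishedName

# Users whose primary group is Sophos_Sync; memberOf does not list the primary group.
$viaPrimary = @(Get-ADUser -SearchBase $searchBase -SearchScope Subtree `
    -LDAPFilter "(primaryGroupID=$($group.primaryGroupToken))").DistinguishedName

# Members as Get-ADGroupMember resolves them (direct and nested), minus the filter's matches.
Get-ADGroupMember -Identity $group -Recursive |
    Where-Object objectClass -eq 'user' |
    Where-Object { $_.distinguishedName -notin $matched } |
    ForEach-Object {
        $dn = $_.distinguishedName
        $reason = if ($dn -notlike "*,$searchBase") { 'outside the search scope' }
            elseif ($dn -in $viaPrimary) { 'primary group, not in memberOf' }
            elseif ($dn -in $viaChain)   { 'nested group member' }
            else                         { 'unexplained; check the account directly' }
        [pscustomobject]@{ User = $_.SamAccountName; Reason = $reason; DN = $dn }
    } | Format-Table -AutoSize
```

An empty table means every group member under the search scope is matched by the filter as written, so the discrepancy lies elsewhere than the filter itself.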