Sophos AD Sync Filters

Question

Hi, 
 
 I've inherited the system and noticed that we have 1000s of users in Sophos Central even though we should probably have around 1000-1500. 
 
 A little OU structure overview: 
 
 Admins top level OU (no users in root) 
 -Sub OU 1 (users) 
 -Sub OU 2 (users) 
 -Sub OU 3 (users) 
 
 Users top level OU (contains users in root) 
 -Sub OU 1 (users) 
 -Sub OU 2 (users) - This OU has 1000s of users and only a handful of them ever logged in. 
 -Sub OU 3 (users) 
 -Sub OU 4 (users) 
 
 Is there a way to create an LDAP filter for all users and admins that would only sync users who logged on in XX days? Say 30 days? 
 Alternatively if the above is not possible I am thinking to have have a filter based on group memberships. 
 
 Anyone has a suggestion about an LDAP filter that could work for the above scenario? 
 
 Granted, the OUs could do with a little restructuring but I think of that as last resort for now. 
 
 Regards, 
 LP

Qoosh · Answer

Hi LP, 
 Thanks for reaching out to the Sophos Community Forum. 
 If you are looking to filter out the users that have never logged on, it is possible to do so using "lastLogonTimestamp<=". 
 I recommend looking into the attribute a bit further to better understand it, as the actual date of the most recent logon can be different than the value returned from AD. What may work best is to run a report for this value and the usernames from your active directory environment to view the results in a CSV or Excel document. You can then order the list by "lastLogonTimestamp" to see if using this type of filter will accomplish what you're aiming to do.