Welcome: Guest!

MOSS Forum

 
Home » Forum » MOSS       Ask a questionRSS Feeds

Omitting non-user accounts from user profile generation

  Asked By: Coty Mcmillan         Date: Sep 03, 2008      Category: MOSS      Views: 395
 

Our MOSS environment builds user profiles by pulling from a single AD
domain. We would like to eliminate non-user (system, admin, etc.)
accounts from the user profiles for both efficiency and security
reasons. In the past we tried to do this by filtering for specific OUs,
but SP didn't allow that. We have thought that we'd have to do it via
AD security groups but my AD expert tells me that's a bizarre and
resource-intensive way to do it. I seem to recall that SP1 addressed
the OU issue in some capacity. Has anyone got more information about
that or test results? Anyone have any additional suggestions for me?
This is a fairly big issue for us and I've been unable to make any
progress (it's preventing us from deploying people search and My Sites).

Tagged:              

 

3 Answers Found

 
Answer #1       Answered By: Katelynn Donovan          Answered On: Sep 03, 2008       

We do this and it works nicely... you can build custom LDAP
filters/query to define WHICH AD user  account objects are included in
the profile  import.

With this, you can use additional  criteria (attributes) to per-se "tag"
the accounts  as belonging to a human rather than a "system type account"

In our company, a separate process pulls data from our HR database and
imports it into Active Directory. We use the "employee number" as the
key field for this transactions. When this sync process is executed,
records in AD and HR db with a matching "employee number" are keyed and
then other information  from HR (such as phone#, title, department,
business center, country, location, etc) is imported directly into
Active Directory.

Then when the SharePoint profile database sync job runs, we use LDAP
filters to keep out the system  accounts. For example, only AD user
objects with a "Job Title" and an "employee number" present are synched
to the SharePoint Profile dB. If an employee number is missing from the
AD object, then the sync is not performed.

 
Answer #2       Answered By: Geraldine Slater          Answered On: Sep 03, 2008       

We pull in our profiles  via four custom profile  imports based on AD.
We have OU's for each of our locations with a Users OU in each of
those four locations. So the search  base text looks somethink like
this:

OU=Users,OU=Location1,DC=ourdomain,DC=net

We had origianlly tried using the LDAP query against AD but didn't
like the results  it returned

 
Answer #3       Answered By: Gail Richmond          Answered On: Sep 03, 2008       

Our AD db is built manually without a unique identifier such
as an HR employee number (I know, I know). But if it's just a matter of
designating something in our AD profile  that indicates the account is an
active employee account and not an administrative one, shouldn't we
still be able to do that? Can you tell me more about how you set the
filtering up from within the user  profile import settings in SharePoint?

 
Didn't find what you were looking for? Find more on Omitting non-user accounts from user profile generation Or get search suggestion and latest updates.


Your Answer
  • Answer should be atleast 30 Characters.
  • Please put code inside [Code] your code [/Code].

 
Hall of Fame  |  Facebook  |  Twitter  |  LinkedIn  |  Terms of Use  |  Privacy Policy  |  Contact us
RSS Feeds: Articles |  Forum |  New Users |  Activities |  Interview FAQ |  Poll |  Hotlinks


Go4Sharepoint, is a Microsoft Featured Community. Microsoft, Windows, Sharepoint, Sharepoint logo, Windows logo, etc are trademarks of the Microsoft Corporation. All product names, logos, copyrights, and trademarks mentioned are acknowledged as the registered intellectual property of their respective owners. This site is not in any way affiliated with, nor has it been authorized, sponsored, or otherwise approved by, Microsoft Corporation.

Copyright © 2008-2011