Welcome: Guest!

Sharepoint Forum

 
Home » Forum » Sharepoint       Ask a questionRSS Feeds

Profile Import from AD for two sub OUs in one domain - User Filter

  Asked By: Ray Jimenez         Date: Sep 18, 2008      Category: Sharepoint      Views: 917
 

I am trying to do a Profile Import into SharePoint of Users from two
different Sub OUs from Active Directory. SharePoint does not allow
two connections to one Domain, so I am looking for a workaround.

This is the logical outline of the DCs then Sub OUs in our Active
Directory. I need to import from the two Users sub OUs, they are
both in the

YYY
XXX
A1
A2 D1
D1 Users
D2
Users

There is a blog showing an example of a User Filter of 2 SUB OUs in
one domain which appears to work for them. I cannot get this to
work - here is what is working/what is not working:
_____________________________________
This is not working(nothing is returned):
Search Base:
OU=A1, DC=xxx, DC=yyy

User Filter:
(&(objectCategory=person)(objectClass=user)(!
userAccountControl:1.2.840.113556.1.4.803:=2)(!
userAccountControl=65536)(|(memberof:1.2.840.113556.1.4.1941:=
(OU=Users, OU=D1, OU=A1, DC=xxx, DC=yyy))
(memberof:1.2.840.113556.1.4.1941:=(OU=TUsers, OU=D2, OU=D1, OU=A2,
OU=A1, DC=xxx, DC=yyy))))
_____________________________________
Simplified is NOT working(nothing is returned):
Search Base:
OU=A1, DC=xxx, DC=yyy

User Filter:
memberof:1.2.840.113556.1.4.1941:=(OU=TUsers, OU=D2, OU=D1, OU=A2,
OU=A1, DC=xxx, DC=yyy)
_____________________________________
This DOES work (only profiles in the TUsers sub OU are returned):
Search Base:
OU=TUsers, OU=D2, OU=D1, OU=A2, OU=A1, DC=xxx, DC=yyy

User Filter:
(&(objectCategory=person)(objectClass=user)(!
userAccountControl:1.2.840.113556.1.4.803:=2)(!
userAccountControl=65536)

Tagged:                          

 

7 Answers Found

 
Answer #1       Answered By: Lynn Mann          Answered On: Sep 18, 2008       

Although your AD people may not like this solution, it is still the
easiest.

Create an OU and place your existing OU structure within that OU.

Keep all you policies, etc. still pointing to the existing structure as
they do currently.

Use the new "root" OU as the root of your import.

 
Answer #2       Answered By: Damini Dande          Answered On: Sep 18, 2008       

That is a great idea, but not a possibility in our current
environment. AD is very tightly controlled and the two branches I
nee to import  from are owned by different groups of people.

 
Answer #3       Answered By: Addison Peck          Answered On: Sep 18, 2008       

Moving the OUs does not change ownership.

Your carrot here is that they probably would like SharePoint profiles
and audiences to work.

 
Answer #4       Answered By: Lalit Bhattacharya          Answered On: Sep 18, 2008       

It is frustrating that profile  import doesn't let you specify two
connections from different Ous from the same domain.

 
Answer #5       Answered By: Gwendolyn Acosta          Answered On: Sep 18, 2008       

I agree and it is a common complaint.

I just offer a walkaround solution.

 
Answer #6       Answered By: Kyle Hernandez          Answered On: Sep 18, 2008       

Well, we are talking about the military here, and the carrot is
tricky business. I will attempt your solution, but it seems like
there should be another alternative.

What I attempting as shown in this thread supposedly has been
successfully implemented by other people.

 
Answer #7       Answered By: Kedar Phule          Answered On: Sep 18, 2008       

I had a similar issue, and thought I could get around it using
filters. In the end, I was not able to get it to work  and went to our AD
people and convinced them to juggle the OUs around. However, ours is a
very simple domain  with all of the OUs owned by the same group.

I wouldn't recommend the OU shuffle if they're owned by different
groups. AD is supposed to be all out delegating authority over different
parts of the domain, after all...

You may need to build a custom profile  importer. We don't have
Enterprise edition, but I believe that the BDC has some profile import
stuff that may make it easier.

 


Your Answer
  • Answer should be atleast 30 Characters.
  • Please put code inside [Code] your code [/Code].

 
Hall of Fame  |  Facebook  |  Twitter  |  LinkedIn  |  Terms of Use  |  Privacy Policy  |  Contact us
RSS Feeds: Articles |  Forum |  New Users |  Activities |  Interview FAQ |  Poll |  Hotlinks


Go4Sharepoint, is a Microsoft Featured Community. Microsoft, Windows, Sharepoint, Sharepoint logo, Windows logo, etc are trademarks of the Microsoft Corporation. All product names, logos, copyrights, and trademarks mentioned are acknowledged as the registered intellectual property of their respective owners. This site is not in any way affiliated with, nor has it been authorized, sponsored, or otherwise approved by, Microsoft Corporation.

Copyright © 2008-2011