UserQuery - Query customization (Include only ENABLED AD ACCOUNTS)
Emmanuel_Cassidy
Customer IT Monkey ✭
Is it possible to change the default UserQuery to return ONLY ACTIVE accounts in AD. There are no reasons on our forms that a user would have to select a user which has an account in AD set to Disabled, It's currently pulling EVERYTHING in our AD. I was wondering if this should be done at the AD connector level or through this UserQuery setting.
Another option would be to only include Active accounts that have an EmployeeID assigned. or am I taking this too far ?
UserQuery
Default setting: DisplayName LIKE '%' + @Query + '%' OR UserName LIKE '%' + @Query + '%'
0
Best Answer
-
Geoff_Ross
Cireson Consultant O.G.
Emmanuel,
I would definitely set this at the AD connector level as you don't really want these in your SCSM CMDB either. Add!(useraccountcontrol:1.2.840.113556.1.4.803:=2)
to your LDAP query in the AD connector to only bring in Enabled Accounts. You could also add(employeeID=*)
to filter further and only bring in enabled accounts with an Employee ID to remove all the system accounts, test accounts etc.
Couple of gotchas:
1. You cannot edit the LDAP filter of an AD connector in the GUI. Either disabled it (don't delete it) and create a new one or you can edit it via PowerShell.
2. You will need to truncate and resync your Portal Cache user table once you have got rid of the unwanted accounts from SCSM. There's a Cireson KB article on this.
Geoff8
Answers
I would definitely set this at the AD connector level as you don't really want these in your SCSM CMDB either. Add to your LDAP query in the AD connector to only bring in Enabled Accounts. You could also add to filter further and only bring in enabled accounts with an Employee ID to remove all the system accounts, test accounts etc.
Couple of gotchas:
1. You cannot edit the LDAP filter of an AD connector in the GUI. Either disabled it (don't delete it) and create a new one or you can edit it via PowerShell.
2. You will need to truncate and resync your Portal Cache user table once you have got rid of the unwanted accounts from SCSM. There's a Cireson KB article on this.
Geoff