You are here: All Help Topics > Engagement Management > Users > Using LDAP Import Filters
-- How Do I? --

Using LDAP Import Filters

You can use the Filter field to customize your Active Directory import based on users or groups. To see both users and groups, no filter is required.

Note: The Filter field is available only when Enable Active Directory Integration has been selected.

  1. From the Data Store Administration Tool, click the Active Directory tab. Enter any credentials.
  2. In the Filter field, enter a filter for:
  • Groups as follows: "(objectcategory=group)"
  • Users as follows: "(&(objectCategory=person)(objectClass=user)(!userAccountControl:1.2.840.113556.1.4.803:=2))"

  1. Click Synchronize with Active Directory.

Results

Based on the filter that you specify (users or groups), the Active Directory Integration dialog opens with all active users and/or groups listed.

  • To retrieve users last modified between Jan. 01, 2013 and April 04, 2013 type: (&(whenChanged>=20130101050000.0Z) (whenChanged<=20130402035959.0Z))
  • To retrieve all active users in a department that starts with the letter 'w' type: (department=w*)
  • To retrieve all active users from the LDAP server type: (!userAccountControl:1.2.840.113556.1.4.803:=2)
  • To retrieve users in some Windows group membership type: (memberOf=xxx) - where, xxx, represents the distinguished name of the Windows group
All group objects (objectCategory=group)
All distribution groups (Notes 4, 15) (&(objectCategory=group) (!(groupType:1.2.840.113556.1.4.803:=2147483648)))
All security groups (Notes 4, 19) (groupType:1.2.840.113556.1.4.803:=2147483648)
All built-in groups (Notes 4, 16, 19) (groupType:1.2.840.113556.1.4.803:=1)
All global groups (Notes 4, 19) (groupType:1.2.840.113556.1.4.803:=2)
All domain local groups (Notes 4, 19) (groupType:1.2.840.113556.1.4.803:=4)
All universal groups (Notes 4, 19) (groupType:1.2.840.113556.1.4.803:=8)
All global security groups (Notes 17, 19) (groupType=-2147483646)
All universal security groups (Notes 17, 19) (groupType=-2147483640)
All domain local security groups (Notes 17, 19) (groupType=-2147483644)
All global distribution groups (Note 19) (groupType=2)
Parameter Description
-LDAP Perform LDAP import
-DP Default offline password
-UI Import user initials
-MN Import middle name
-Filter (Optional) LDAP filter expression
-Host (Optional) LDAP host name
-Port (Optional) LDAP port number
-LU (Optional) User name
-LP (Optional) User password
-LD (Optional) Domain name

Using Command Prompt for Import Filter

Follow this procedure to use command line parameters for your Active Directory Import instead of the filter field.

Procedure

  1. In your C: drive, navigate to the Windows | System32 folders.
  2. Navigate to cmd.exe. Right click and select Run as administrator.

  1. Enter cd \. Press ENTER.
  2. Enter cd program files (x86). Press ENTER.
  3. Enter cd "CaseWare Data Store Administration Tool". Press ENTER.
  4. Type sharedstoreadmin.exe (followed by your customized filter). Press ENTER.

The Data Store Administration Tool and the Active Directory Integration dialog opens to begin your import.

You can type SharedStoreAdmin.exe -U sup -P sup -LDAP (replace sup with your username/password) to perform an LDAP import.

In this example, SharedStoreAdmin executes Data Store, -U and -Prepresent login on with a username and password and-LDAP will perform an LDAP import.

Note:

  • If there is a space between parameters you must use quotation marks around the parameters. e.g. Instead of using SharedStoreAdmin -U sup -P sup -LDAP -filter (department=working papers), you must put quotation marks around "working papers". The correct syntax is SharedStoreAdmin -U sup -P sup -LDAP -FILTER (department="working papers").
  • As of Working Papers 2016, additional command line options are available:
    • “-Delete -Filter (...)” will delete all users from the Data Store based on an optional filter. For example, to delete all records from departments that start with the letter ‘w’, run this command: SharedStoreAdmin -U sup -P sup -LDAP -Delete -Filter (department=w*)
    • “-Update” will update only records that have been marked. For example, to sync selected records, run this command: SharedStoreAdmin -U sup -P sup -LDAP -Delete -Filter (department=w*)

Related Topics