Using LDAP Import Filters
You can use the Filter field to customize your Active Directory import based on users or groups. To see both users and groups, no filter is required.
Note: The Filter field is available only when Enable Active Directory Integration has been selected.
Procedure
- From the Data Store Administration Tool, click the Active Directory tab. Enter any credentials.
- In the Filter field, enter a filter for:
- Groups as follows: "(objectcategory=group)"
- Users as follows: "(&(objectCategory=person)(objectClass=user)(!userAccountControl:1.2.840.113556.1.4.803:=2))"
- Click Synchronize with Active Directory.
Results
Based on the filter that you specify (users or groups), the Active Directory Integration dialog opens with all active users and/or groups listed.
Other filter examples for users:
- To retrieve users last modified between Jan. 01, 2013 and April 04, 2013 type: (&(whenChanged>=20130101050000.0Z) (whenChanged<=20130402035959.0Z))
- To retrieve all active users in a department that starts with the letter 'w' type: (department=w*)
- To retrieve all active users from the LDAP server type: (!userAccountControl:1.2.840.113556.1.4.803:=2)
- To retrieve users in some Windows group membership type: (memberOf=xxx) - where, xxx, represents the distinguished name of the Windows group
Other Filter examples for groups:
| All group objects | (objectCategory=group) |
| All distribution groups (Notes 4, 15) | (&(objectCategory=group) (!(groupType:1.2.840.113556.1.4.803:=2147483648))) |
| All security groups (Notes 4, 19) | (groupType:1.2.840.113556.1.4.803:=2147483648) |
| All built-in groups (Notes 4, 16, 19) | (groupType:1.2.840.113556.1.4.803:=1) |
| All global groups (Notes 4, 19) | (groupType:1.2.840.113556.1.4.803:=2) |
| All domain local groups (Notes 4, 19) | (groupType:1.2.840.113556.1.4.803:=4) |
| All universal groups (Notes 4, 19) | (groupType:1.2.840.113556.1.4.803:=8) |
| All global security groups (Notes 17, 19) | (groupType=-2147483646) |
| All universal security groups (Notes 17, 19) | (groupType=-2147483640) |
| All domain local security groups (Notes 17, 19) | (groupType=-2147483644) |
| All global distribution groups (Note 19) | (groupType=2) |
Using Command Prompt for Import Filter
Follow this procedure to use command line parameters for your Active Directory Import instead of the filter field.
Procedure
- In your C: drive, navigate to the Windows | System32 folders.
- Navigate to cmd.exe. Right click and select Run as administrator.
- Enter cd \. Press ENTER.
- Enter cd program files (x86). Press ENTER.
- Enter cd "CaseWare Data Store Administration Tool". Press ENTER.
- Type sharedstoreadmin.exe (followed by your customized filter). Press ENTER.
Results
The Data Store Administration Tool and the Active Directory Integration dialog opens to begin your import.
Filter example
You can type SharedStoreAdmin.exe -U sup -P sup -LDAP (replace sup with your username/password) to perform an LDAP import.
In this example, SharedStoreAdmin executes Data Store, -U and -Prepresent login on with a username and password and-LDAP will perform an LDAP import.
Note:
- If there is a space between parameters you must use quotation marks around the parameters. e.g. Instead of using SharedStoreAdmin -U sup -P sup -LDAP -filter (department=working papers), you must put quotation marks around "working papers". The correct syntax is SharedStoreAdmin -U sup -P sup -LDAP -FILTER (department="working papers").
Filter Parameters
| Parameter | Description | Example |
|---|---|---|
| -I | Perform import | SharedStoreAdmin -I -D 'directory' -U 'user' [-P 'password'] [-R] [-V] [-S] |
| -F | Force resync of personal stores | SharedStoreAdmin -F [-S] |
| -D | Specify the import file path | SharedStoreAdmin -I -D 'directory' -U 'user' [-P 'password'] [-R] [-V] [-S] |
| -U | User name (must be an administrator) | SharedStoreAdmin -I -D 'directory' -U 'user' [-P 'password'] [-R] [-V] [-S] |
| -P | (Optional) Password (required if a password exists) | SharedStoreAdmin -I -D 'directory' -U 'user' [-P 'password'] [-R] [-V] [-S] |
| -R | (Optional) Replace with source file (default to merge with source file) | SharedStoreAdmin -I -D 'directory' -U 'user' [-P 'password'] [-R] [-V] [-S] |
| -V | (Optional) Preserve password (default to replace old password) | SharedStoreAdmin -I -D 'directory' -U 'user' [-P 'password'] [-R] [-V] [-S] |
| -S | (Optional) Silent import (does not display dialog) | SharedStoreAdmin -I -D 'directory' -U 'user' [-P 'password'] [-R] [-V] [-S] |
LDAP Filter Parameters
| Parameter | Description | Example |
|---|---|---|
| -LDAP | Perform LDAP import | SharedStoreAdmin -U sup -P sup -LDAP |
| -DP | Default offline password | SharedStoreAdmin.exe -U sup -P sup -LDAP -Host host -DP offpass -LU user -LP password -LD domain |
| -UI | Import user initials | - |
| -MN | Import middle name | - |
| -Filter | (Optional) LDAP filter expression |
Filter to departments that start with the letter 'w'. SharedStoreAdmin -U sup -P sup -LDAP -Filter (department=w*) |
| -Host | (Optional) LDAP host name | SharedStoreAdmin -U sup -P sup -LDAP -Host host |
| -Port | (Optional) LDAP port number | - |
| -LU | (Optional) User name for the specified LDAP server | SharedStoreAdmin.exe -U sup -P sup -LDAP -Host host -LU user -LP password -LD domain |
| -LP | (Optional) Password for the specified LDAP server (required if a password exists) | SharedStoreAdmin.exe -U sup -P sup -LDAP -Host host -LU user -LP password -LD domain |
| -LD | (Optional) Non-default LDAP server name or IP address | SharedStoreAdmin.exe -U sup -P sup -LDAP -Host host -LU user -LP password -LD domain |
| -Delete | (Optional) Delete users from the data store |
To delete all records from departments that start with the letter ‘w’: SharedStoreAdmin -U sup -P sup -LDAP -Delete -Filter (department=w*) |
| -Update | (Optional) Update the data store | SharedStoreAdmin -U sup -P sup -LDAP -Update |
- Active Directory
- Active Directory tab
- Active Directory Integration Dialog
- Adding Users from the Windows Active Directory
