Active Directory import filters
You can customize your Active Directory import by filtering it based on user attributes and group memberships. You can apply the filter from the Data Store Administration Tool or from Windows Command Prompt.
To filter an Active Directory import from the Data Store Administration Tool:
- Launch the Data Store Administration Tool. In the Active Directory group, ensure Active Directory Integration is enabled.
- In the Filter field, enter one of the following filters:
  - Groups: "(objectcategory=group)"
  - Users: "(&(objectCategory=person)(objectClass=user)(!userAccountControl:1.2.840.113556.1.4.803:=2))"
- Click Synchronize with Active Directory.
The Active Directory Integration dialog displays a list of all active users or groups for import. Use different user and group filters to further customize your import.
To filter an Active Directory import from Command Prompt:
- Locate Command Prompt using the Windows Start menu or search. Right-click Command Prompt and click Run as administrator.
- Change the directory in Command Prompt to the location of the Data Store Administration Tool (Default: C:\Program Files\Caseware Data Store Administration Tool\).
- Type sharedstoreadmin64.exe followed by the applicable filter parameters, then press Enter.
The Active Directory Integration dialog displays a list of all active users or groups for import.
User and group filters
User filters
Filter | Description |
---|---|
(&(whenChanged>=20130101050000.0Z) (whenChanged<=20130402035959.0Z)) | Retrieve users last modified between Jan. 01, 2013 and April 04, 2013 |
(department=w*) | Retrieve all active users in a department that starts with the letter 'w' |
(!userAccountControl:1.2.840.113556.1.4.803:=2) | Retrieve all active users from the LDAP server |
(memberOf=xxx), where "xxx" represents the distinguished name of the Windows group | Retrieve users who are members of a given Windows group |
Group filters
Filter | Description |
---|---|
(&(objectCategory=group) (!(groupType:1.2.840.113556.1.4.803:=2147483648))) | All distribution groups (Notes 4, 15) |
(groupType:1.2.840.113556.1.4.803:=2147483648) | All security groups (Notes 4, 19) |
(groupType:1.2.840.113556.1.4.803:=1) | All built-in groups (Notes 4, 16, 19) |
(groupType:1.2.840.113556.1.4.803:=2) | All global groups (Notes 4, 19) |
(groupType:1.2.840.113556.1.4.803:=4) | All domain local groups (Notes 4, 19) |
(groupType:1.2.840.113556.1.4.803:=8) | All universal groups (Notes 4, 19) |
(groupType=-2147483646) | All global security groups (Notes 17, 19) |
(groupType=-2147483640) | All universal security groups (Notes 17, 19) |
(groupType=-2147483644) | All domain local security groups (Notes 17, 19) |
(groupType=2) | All global distribution groups (Note 19) |
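The filters above test individual bits of userAccountControl and groupType through the 1.2.840.113556.1.4.803 (bitwise AND) matching rule, while the negative values in the equality filters are the same flags read as a signed 32-bit integer. The following is an added example, not code from the vendor; the function names are this example's own and the user entries are constructed.

```python
# Added example, not vendor code. Flag values are the documented Active Directory
# groupType / userAccountControl bits; the sample entries are constructed.
SECURITY = 0x80000000   # groupType: security-enabled group (2147483648)
SCOPES = {0x1: "built-in", 0x2: "global", 0x4: "domain local", 0x8: "universal"}
ACCOUNTDISABLE = 0x2    # userAccountControl bit tested by the user filter


def to_signed32(value):
    """AD stores these attributes as signed 32-bit integers; equality filters use that form."""
    value &= 0xFFFFFFFF
    return value - 0x100000000 if value & 0x80000000 else value


def bit_and_match(stored, mask):
    """Semantics of (attr:1.2.840.113556.1.4.803:=mask): every bit of mask is set in stored."""
    return (stored & 0xFFFFFFFF) & mask == mask


def equality_filter(*flags):
    """Build the exact-match groupType filter for a combination of flags."""
    combined = 0
    for flag in flags:
        combined |= flag
    return "(groupType=%d)" % to_signed32(combined)


def describe_group(group_type):
    """Decode a stored groupType value into scope names plus security/distribution."""
    scopes = [name for bit, name in SCOPES.items() if bit_and_match(group_type, bit)]
    kind = "security" if bit_and_match(group_type, SECURITY) else "distribution"
    return " ".join(scopes + [kind])


def active_users(entries):
    """Apply the active-user filter: keep accounts whose disabled bit is not set."""
    return [e["sAMAccountName"] for e in entries
            if not bit_and_match(e["userAccountControl"], ACCOUNTDISABLE)]


# Constructed sample entries.
USERS = [
    {"sAMAccountName": "awhite", "userAccountControl": 512},      # normal account
    {"sAMAccountName": "bgreen", "userAccountControl": 514},      # normal + disabled
    {"sAMAccountName": "svc_scan", "userAccountControl": 66048},  # normal + password never expires
    {"sAMAccountName": "cblack", "userAccountControl": 66050},    # same, but disabled
]

if __name__ == "__main__":
    print(equality_filter(SECURITY, 0x2))   # global security groups
    print(describe_group(-2147483643))      # value held by a built-in group
    print(active_users(USERS))
```

An equality filter matches only that exact flag combination, so a group with any additional bit set is found by the bitwise form but not by the equality form.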
Filter parameters
General filter parameters
Parameter | Description | Example |
---|---|---|
-I | Perform import | SharedStoreAdmin -I -D directory -U sup -P sup -R -V -S |
-F | Force resync of personal stores | SharedStoreAdmin -F -S |
-D | Specify the import file path | SharedStoreAdmin -I -D directory -U sup -P sup -R -V -S |
-U | User name (must be an administrator) | SharedStoreAdmin -I -D directory -U sup -P sup -R -V -S |
-P (Optional) | Password (required if a password exists) | SharedStoreAdmin -I -D directory -U sup -P sup -R -V -S |
-R (Optional) | Replace with source file (default to merge with source file) | SharedStoreAdmin -I -D directory -U sup -P sup -R -V -S |
-V (Optional) | Preserve password (default to replace old password) | SharedStoreAdmin -I -D directory -U sup -P sup -R -V -S |
-S (Optional) | Silent import (does not display dialog) | SharedStoreAdmin -I -D directory -U sup -P sup -R -V -S |
LDAP filter parameters
Parameter | Description | Example |
---|---|---|
-LDAP | Perform LDAP import | SharedStoreAdmin -U user -P password -LDAP |
-DP | Default offline password | SharedStoreAdmin -U user -P password -LDAP -Host host -DP offpass -LU user -LP password -LD domain |
-UI | Import user initials | - |
-MN | Import middle name | - |
-Filter (Optional) | LDAP filter expression | Filter to departments that start with the letter 'w': SharedStoreAdmin -U user -P password -LDAP -Filter (department=w*) |
-Host (Optional) | LDAP host name | SharedStoreAdmin -U user -P password -LDAP -Host host |
-Port (Optional) | LDAP port number | - |
-LU (Optional) | User name for the specified LDAP server | SharedStoreAdmin.exe -U user -P password -LDAP -Host host -LU user -LP password -LD domain |
-LP (Optional) | Password for the specified LDAP server (required if a password exists) | SharedStoreAdmin.exe -U user -P password -LDAP -Host host -LU user -LP password -LD domain |
-LD (Optional) | Non-default LDAP server name or IP address | SharedStoreAdmin.exe -U user -P password -LDAP -Host host -LU user -LP password -LD domain |
-Delete (Optional) | Delete users from the data store | To delete all records from departments that start with the letter 'w': SharedStoreAdmin -U user -P password -LDAP -Delete -Filter (department=w*) |
-Update (Optional) | Update the data store | SharedStoreAdmin -U user -P password -LDAP -Update |