Active Directory import filters

You can customize your Active Directory import by filtering it based on user attributes and group memberships. You can apply the filter from the Data Store Administration Tool or from Windows Command Prompt.

To filter an Active Directory import from the Data Store Administration Tool:

  1. Launch the Data Store Administration Tool. In the Active Directory group, ensure Active Directory Integration is enabled.
  2. In the Filter field, enter one of the following filters:
    • Groups: "(objectcategory=group)"
    • Users: "(&(objectCategory=person)(objectClass=user)(!userAccountControl:1.2.840.113556.1.4.803:=2))"
  3. Click Synchronize with Active Directory.

The Active Directory Integration dialog displays a list of all active users or groups for import. Use different user and group filters to further customize your import.

To filter an Active Directory import from Command Prompt:

  1. Locate Command Prompt using the Windows Start menu or search. Right-click Command Prompt and click Run as administrator.

  2. Use the cd command to change to the directory where the Data Store Administration Tool is installed (default: C:\Program Files\Caseware Data Store Administration Tool\).

    For example, type:

    • cd \ to return to the C:\ directory.

    • cd C:\Program Files\Caseware Data Store Administration Tool\ or the location of your DSAT folder.

  3. Type sharedstoreadmin64.exe followed by the applicable filter parameters, then press Enter.

    For example, SharedStoreAdmin.exe -U sup -P sup -LDAP (where sup represents your username/password). SharedStoreAdmin.exe executes Data Store, -U and -P represent a login with a username and password, and -LDAP initiates an LDAP import.

The Active Directory Integration dialog displays a list of all active users or groups for import.

User and group filters

User filters

| Filter | Description |
| --- | --- |
| (&(whenChanged>=20130101050000.0Z) (whenChanged<=20130402035959.0Z)) | Retrieve users last modified between Jan. 01, 2013 and April 04, 2013 |
| (department=w*) | Retrieve all active users in a department that starts with the letter 'w' |
| (!userAccountControl:1.2.840.113556.1.4.803:=2) | Retrieve all active users from the LDAP server |
| (memberOf=xxx) where "xxx" represents the distinguished name of the Windows group | Retrieve users who are members of the specified Windows group |
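The user filters above can be combined into one expression. The following is an added example, not code from Caseware or the original page: it ANDs the active-users clause with optional criteria and escapes literal values per RFC 4515, which matters when a group name contains parentheses or an asterisk. The function names and the sample group DN are hypothetical.

```python
from datetime import datetime, timezone

# Clause from the page that excludes disabled accounts (bit 2 of userAccountControl).
ACTIVE_ONLY = "(!userAccountControl:1.2.840.113556.1.4.803:=2)"


def escape_filter_value(value: str) -> str:
    """Escape a literal for use as an LDAP filter value (RFC 4515, section 3)."""
    special = {"\\", "*", "(", ")", "\x00"}
    return "".join("\\%02x" % ord(c) if c in special else c for c in value)


def generalized_time(moment: datetime) -> str:
    """Render a timezone-aware datetime in the whenChanged format used on the page."""
    return moment.astimezone(timezone.utc).strftime("%Y%m%d%H%M%S") + ".0Z"


def build_user_filter(group_dn=None, department_prefix=None,
                      changed_from=None, changed_to=None) -> str:
    """AND the active-users clause with whichever optional criteria are given."""
    clauses = [ACTIVE_ONLY]
    if group_dn is not None:
        clauses.append("(memberOf=%s)" % escape_filter_value(group_dn))
    if department_prefix is not None:
        # Only the trailing * is a wildcard; the prefix itself is escaped.
        clauses.append("(department=%s*)" % escape_filter_value(department_prefix))
    if changed_from is not None:
        clauses.append("(whenChanged>=%s)" % generalized_time(changed_from))
    if changed_to is not None:
        clauses.append("(whenChanged<=%s)" % generalized_time(changed_to))
    return clauses[0] if len(clauses) == 1 else "(&" + "".join(clauses) + ")"


if __name__ == "__main__":
    # Constructed sample values, not taken from any real directory.
    print(build_user_filter(
        group_dn="CN=Audit (EMEA),OU=Groups,DC=example,DC=com",
        changed_from=datetime(2013, 1, 1, 5, 0, 0, tzinfo=timezone.utc),
    ))
    print(build_user_filter(department_prefix="w"))
```

When a compound filter is passed to -Filter from Command Prompt, enclose it in double quotes, because cmd.exe treats &, < and > as operators.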

Group filters

| Filter | Description |
| --- | --- |
| (&(objectCategory=group) (!(groupType:1.2.840.113556.1.4.803:=2147483648))) | All distribution groups (Notes 4, 15) |
| (groupType:1.2.840.113556.1.4.803:=2147483648) | All security groups (Notes 4, 19) |
| (groupType:1.2.840.113556.1.4.803:=1) | All built-in groups (Notes 4, 16, 19) |
| (groupType:1.2.840.113556.1.4.803:=2) | All global groups (Notes 4, 19) |
| (groupType:1.2.840.113556.1.4.803:=4) | All domain local groups (Notes 4, 19) |
| (groupType:1.2.840.113556.1.4.803:=8) | All universal groups (Notes 4, 19) |
| (groupType=-2147483646) | All global security groups (Notes 17, 19) |
| (groupType=-2147483640) | All universal security groups (Notes 17, 19) |
| (groupType=-2147483644) | All domain local security groups (Notes 17, 19) |
| (groupType=2) | All global distribution groups (Note 19) |
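The group filters mix two forms: bitwise tests using the matching rule 1.2.840.113556.1.4.803 (Active Directory's bitwise AND rule) and exact matches on negative numbers. The following added example, not part of the original page, shows that the negative values are the same flags read as a signed 32-bit integer, and where the two forms give different results. The function names are hypothetical and the sample values are constructed.

```python
# Flag values as they appear in the bitwise filters in the table above.
FLAGS = {1: "built-in", 2: "global", 4: "domain local", 8: "universal",
         2147483648: "security"}


def flag_bits(group_type: int) -> int:
    """groupType is returned as a signed 32-bit integer; recover the raw bits."""
    return group_type & 0xFFFFFFFF


def as_stored(bits: int) -> int:
    """Convert raw flag bits to the signed value to use in an exact-match filter."""
    return bits - 0x100000000 if bits & 0x80000000 else bits


def bitwise_and_matches(group_type: int, mask: int) -> bool:
    """Emulate (groupType:1.2.840.113556.1.4.803:=mask): every mask bit is set."""
    return (flag_bits(group_type) & mask) == mask


def describe(group_type: int) -> list:
    """List the flag names set in a groupType value; no security bit means distribution."""
    names = [name for mask, name in FLAGS.items()
             if bitwise_and_matches(group_type, mask)]
    if "security" not in names:
        names.append("distribution")
    return sorted(names)


if __name__ == "__main__":
    # Constructed sample: the exact-match values from the table plus -2147483643,
    # a built-in domain local security group (bits 1 + 4 + security).
    for value in (-2147483646, -2147483640, -2147483644, -2147483643, 2):
        print(value, hex(flag_bits(value)), describe(value))
    # The exact-match filter (groupType=-2147483644) does not return the built-in
    # group, while the bitwise filter for domain local groups (:=4) does.
    print(bitwise_and_matches(-2147483643, 4),
          -2147483643 == as_stored(2147483648 | 4))
```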

Filter parameters

General filter parameters

| Parameter | Description | Example |
| --- | --- | --- |
| -I | Perform import | SharedStoreAdmin -I -D directory -U sup -P sup -R -V -S |
| -F | Force resync of personal stores | SharedStoreAdmin -F -S |
| -D | Specify the import file path | SharedStoreAdmin -I -D directory -U sup -P sup -R -V -S |
| -U | User name (must be an administrator) | SharedStoreAdmin -I -D directory -U sup -P sup -R -V -S |
| -P (Optional) | Password (required if a password exists) | SharedStoreAdmin -I -D directory -U sup -P sup -R -V -S |
| -R (Optional) | Replace with source file (default to merge with source file) | SharedStoreAdmin -I -D directory -U sup -P sup -R -V -S |
| -V (Optional) | Preserve password (default to replace old password) | SharedStoreAdmin -I -D directory -U sup -P sup -R -V -S |
| -S (Optional) | Silent import (does not display dialog) | SharedStoreAdmin -I -D directory -U sup -P sup -R -V -S |

LDAP filter parameters

| Parameter | Description | Example |
| --- | --- | --- |
| -LDAP | Perform LDAP import | SharedStoreAdmin -U user -P password -LDAP |
| -DP | Default offline password | SharedStoreAdmin -U user -P password -LDAP -Host host -DP offpass -LU user -LP password -LD domain |
| -UI | Import user initials | - |
| -MN | Import middle name | - |
| -Filter (Optional) | LDAP filter expression | Filter to departments that start with the letter 'w': SharedStoreAdmin -U user -P password -LDAP -Filter (department=w*) |
| -Host (Optional) | LDAP host name | SharedStoreAdmin -U user -P password -LDAP -Host host |
| -Port (Optional) | LDAP port number | - |
| -LU (Optional) | User name for the specified LDAP server | SharedStoreAdmin.exe -U user -P password -LDAP -Host host -LU user -LP password -LD domain |
| -LP (Optional) | Password for the specified LDAP server (required if a password exists) | SharedStoreAdmin.exe -U user -P password -LDAP -Host host -LU user -LP password -LD domain |
| -LD (Optional) | Non-default LDAP server name or IP address | SharedStoreAdmin.exe -U user -P password -LDAP -Host host -LU user -LP password -LD domain |
| -Delete (Optional) | Delete users from the data store | To delete all records from departments that start with the letter 'w': SharedStoreAdmin -U user -P password -LDAP -Delete -Filter (department=w*) |
| -Update (Optional) | Update the data store | SharedStoreAdmin -U user -P password -LDAP -Update |