Tuesday, April 3, 2012

Setup connection filter on AD

If you want to reduce the amount of user profiles that are imported from AD, then a good way is to filter the AD connection. Then you can filter out disabled accounts and for example, accounts that does not have a mail address. Go to you AD connection in the User Profile Service Application and hover the name of the AD connection. Click on "Edit connection filters":


To filter out disabled accounts, select "userAccountControl" from the Attributes list, and wait for the page to reload.

Then select "Bit on equals" and set it to "2" (without quotation marks)

                              
To filter out accounts that does not have a mail address, select "mail" from the Attributes list and wait for the page to reload.
Then select "not present" from the Operator list.

No comments: