Sync only user without specific groups


This topic has 2 replies, 2 voices, and was last updated 5 years, 9 months ago by fdevarennes.



    I would like to synchronize user accounts only if they are a member of a certain group in a certain OU. The OU and group are dynamic. I know that an LDAP search on memberOf is not searchable with wildcards, so how would you do that?

    — SubSecondOU
    —– GroupOne

    So if the user is a member of GroupOne in that exact structure, then synchronize that user from Active Directory to the AD LDS.


     Jake Feasel

    The simplest suggestion I can offer at the moment is to use a validSource script to check the contents of the source.memberOf, looking for the group name that you are interested in. Unfortunately, you won’t be able to rely on livesync on the ldap account for group membership changes, since those are maintained by the group object, not the account. For that reason, I suggest using a regular recon schedule on the accounts – not as fast as livesync, but it will consistently reflect the state of the group membership.
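The check described in the reply above, written out as an added example; it is not code from the thread or from ForgeRock. It assumes what an IDM validSource script sees: a `source` object whose `memberOf` attribute is an array of group DN strings (DN values, OU names and the sample accounts below are constructed for illustration). It also generalizes slightly: instead of requiring one fixed path, it accepts the group wherever it sits as long as its immediate parent is the named OU, which is what makes the "dynamic" OU workable without LDAP wildcard support on memberOf.

```javascript
// Added example, not from the forum thread or ForgeRock's own code.
// Mirrors the suggestion above: a validSource-style check that returns true
// only when the source account is a member of the wanted group in the wanted OU.
// Assumption: `source.memberOf` is an array of DN strings (or a single string).

// Split a DN into its RDN components, honouring backslash-escaped commas
// (e.g. "CN=Smith\, John,OU=Users,DC=example,DC=com").
function splitDn(dn) {
  var parts = [];
  var current = "";
  for (var i = 0; i < dn.length; i++) {
    var ch = dn.charAt(i);
    if (ch === "\\" && i + 1 < dn.length) {
      current += ch + dn.charAt(i + 1); // keep the escaped character verbatim
      i++;
    } else if (ch === ",") {
      parts.push(current.trim());
      current = "";
    } else {
      current += ch;
    }
  }
  parts.push(current.trim());
  return parts;
}

// True when `dn` names a group called `groupName` whose immediate parent
// container is an OU called `ouName`. Anything above that OU is accepted,
// so the exact path to the OU does not need to be known in advance.
// Comparison is case-insensitive, as DN attribute values usually are in AD.
function isGroupInOu(dn, groupName, ouName) {
  var rdns = splitDn(dn);
  if (rdns.length < 2) return false;
  var groupRdn = rdns[0].toLowerCase();
  var parentRdn = rdns[1].toLowerCase();
  return groupRdn === ("cn=" + groupName).toLowerCase() &&
         parentRdn === ("ou=" + ouName).toLowerCase();
}

// The validSource decision: sync the account only if at least one memberOf
// value is the wanted group in the wanted OU. Missing or empty memberOf
// means the account is not synced.
function shouldSync(source, groupName, ouName) {
  var groups = source ? source.memberOf : null;
  if (!groups) return false;
  if (!Array.isArray(groups)) groups = [groups]; // single-valued attribute case
  for (var i = 0; i < groups.length; i++) {
    if (isGroupInOu(String(groups[i]), groupName, ouName)) return true;
  }
  return false;
}

// Constructed sample source objects, shaped like what an LDAP connector hands
// to the script. The OU names above SubSecondOU are placeholders.
var sampleMember = {
  dn: "CN=Alice,OU=Users,DC=example,DC=com",
  memberOf: [
    "CN=Readers,OU=Other,DC=example,DC=com",
    "CN=GroupOne,OU=SubSecondOU,OU=ParentOU,DC=example,DC=com"
  ]
};
var sampleWrongOu = {
  dn: "CN=Bob,OU=Users,DC=example,DC=com",
  memberOf: ["CN=GroupOne,OU=SomewhereElse,DC=example,DC=com"]
};

// Inside the mapping the script body would reduce to the single expression:
//   shouldSync(source, "GroupOne", "SubSecondOU")
```

In an IDM mapping the validSource script's last evaluated expression is its result, so the body can be just the `shouldSync(...)` call with the helper functions defined above it. Because the check runs on the account object, it only notices membership changes when the account itself is reconciled, which is the reason the reply recommends a scheduled recon rather than livesync.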



    I will try that. Thanks.


©2022 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.
