Apply an LDAP Filter for User Profile Import

With MOSS (Microsoft Office SharePoint Server 2007) you can import user profiles from Active Directory or another LDAP directory. By default, it imports user profiles from the current domain. The import includes all user objects, because the default LDAP filter is:

(&(objectCategory=Person)(objectClass=User))

As a result, deactivated and deleted accounts will appear in the SharePoint user database.

The filter value can be adjusted to import only active user objects:

(&(objectCategory=person)(objectClass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(!(IsDeleted=TRUE)))

With an LDAP browser, you can compare the results of the two filters if you don’t trust the query 🙂
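If no LDAP browser is at hand, the comparison can also be reproduced offline. The following is an added example, not part of the original post: a small evaluator for the two filters above, run against constructed directory entries, showing how the bitwise matching rule 1.2.840.113556.1.4.803 catches the ACCOUNTDISABLE bit (2) whatever other userAccountControl flags are set. The helper names and sample accounts are assumptions, and objectCategory is shortened to a plain string.

```python
import re

BIT_AND = "1.2.840.113556.1.4.803"  # LDAP_MATCHING_RULE_BIT_AND
DEFAULT_FILTER = "(&(objectCategory=Person)(objectClass=User))"
ACTIVE_FILTER = ("(&(objectCategory=person)(objectClass=user)"
                 "(!(userAccountControl:1.2.840.113556.1.4.803:=2))(!(IsDeleted=TRUE)))")

def parse(f, i=0):
    """Parse the parenthesised filter starting at f[i]; return (node, next index)."""
    i += 1  # step over '('
    if f[i] in "&|!":
        op, kids, i = f[i], [], i + 1
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        return (op, kids), i + 1  # step over the closing ')'
    end = f.index(")", i)
    m = re.fullmatch(r"([\w-]+)(?::([\d.]+):)?=(.*)", f[i:end])
    if not m:
        raise ValueError(f"unsupported filter item: {f[i:end]}")
    return ("item", m.group(1).lower(), m.group(2), m.group(3)), end + 1

def evaluate(node, entry):
    if node[0] in ("&", "|"):
        results = [evaluate(k, entry) for k in node[1]]
        return all(results) if node[0] == "&" else any(results)
    if node[0] == "!":
        return not evaluate(node[1][0], entry)
    _, attr, rule, want = node
    values = entry.get(attr, [])  # absent attribute: no match (simplification)
    if rule == BIT_AND:  # matches when every bit of `want` is set in the value
        return any(int(v) & int(want) == int(want) for v in values)
    return any(v.lower() == want.lower() for v in values)

def imported(filter_text, entries):
    tree, _ = parse(filter_text)
    return [e["cn"][0] for e in entries if evaluate(tree, e)]

def user(cn, uac, deleted=False):  # builds one constructed sample entry
    e = {"cn": [cn], "objectcategory": ["person"],
         "objectclass": ["top", "person", "user"], "useraccountcontrol": [str(uac)]}
    return dict(e, isdeleted=["TRUE"]) if deleted else e

# Constructed data: 512 = normal account, +2 = ACCOUNTDISABLE, +65536 = password never expires
ENTRIES = [user("alice", 512), user("bob", 514), user("carol", 66048),
           user("dave", 66050), user("erin", 512, deleted=True)]

if __name__ == "__main__":
    print(imported(DEFAULT_FILTER, ENTRIES), imported(ACTIVE_FILTER, ENTRIES))
```

Note that a plain equality test on userAccountControl=514 would miss "dave" (66050), which is why the filter uses the bitwise rule.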

Question: I changed the filter, but after a user import the profile count is the same as before!

Answer: Start a crawl on your “Local Office SharePoint Server sites” Content Source. It will find out that some user profiles were not imported, and adjust the profile count.

Update:

Question: What do I have to change, so that I only import xyz?

Answer: Many Templates are listed here: Active Directory Saved Queries Templates