Syncing Contacts based on Group Membership in the Source Active Directory
Created: 2012-04-20 08:09:59
Modified: 2017-05-08 19:05:24
Tags: Active Directory UnitySync
When pulling from Active Directory (AD), it may be desirable to include or exclude certain source objects based on their group membership.
Solution
The default sourcedef files do not include the memberOf attribute, so you must create a custom sourcedef and add memberOf to the line that begins attribs=.
NOTE: If your memberOf filter or exclude rule is not working as expected, this may be due to security permissions. Try using a Domain Admin as the Source login ID to see if you get better results. Alternatively, to allow a Domain User to work, you may need to delegate advanced control of both Groups and Users in the root of the source domain.
EXCLUDE based on Group Membership:
If you want to exclude objects based on Group membership, you should use an Exclude rule on the Custom tab of your connection.
Example Rules for excluding objects based on Group Membership, where GroupX is simply the name of the group:
MemberOf:GroupX
MemberOf:GroupZ
INCLUDE based on Group Membership:
The inclusion of objects based on Group membership may be accomplished with an Optional LDAP Query Filter on the Source tab.
Note: If you are already using a filter, you must use proper syntax to combine the existing and new filters.
On the Source tab of your connection, insert filters for each source object type you want to apply the filters to (i.e. Users, Contacts, Groups). In the filter, specify the group or groups whose member objects you want the connection to pull.
Example for including members of one group:
(Memberof=CN=GroupX,ou=Groups,DC=domain,DC=com)
For multiple groups, use the leading OR operator ("|") and specify each group's DN. Example for including members of two Groups:
(|(Memberof=CN=GroupX,ou=Groups,DC=domain,DC=com)(Memberof=CN=GroupZ,ou=groups,DC=domain,DC=com))
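Combining an existing Source-tab filter with the group filters above means wrapping both in a leading AND ("&") and escaping any filter-special characters in the group DNs. The following is an added example, not UnitySync code: the function names, the existing filter (mail=*) and the group name containing parentheses are constructed for illustration.

```python
# Added example: build an RFC 4515 filter that ANDs an existing filter
# with a memberOf clause for one or more group DNs.

def escape_filter_value(value):
    """Escape characters that are special inside an LDAP filter value."""
    special = '\\*()\x00'
    return ''.join('\\%02x' % ord(c) if c in special else c for c in value)


def is_single_filter(ldap_filter):
    """True if the text is exactly one parenthesised filter expression."""
    depth = 0
    last = len(ldap_filter) - 1
    for i, ch in enumerate(ldap_filter):
        if ch == '(':
            depth += 1
        elif ch == ')':
            depth -= 1
            # Closing too early means two filters side by side with no operator.
            if depth < 0 or (depth == 0 and i != last):
                return False
    return ldap_filter.startswith('(') and depth == 0


def member_of_filter(group_dns, existing_filter=None):
    """Return a filter matching members of any listed group DN,
    ANDed with existing_filter when one is supplied."""
    if not group_dns:
        raise ValueError('at least one group DN is required')
    clauses = ['(memberOf=%s)' % escape_filter_value(dn) for dn in group_dns]
    # One group needs no operator; several are ORed with a leading "|".
    groups = clauses[0] if len(clauses) == 1 else '(|%s)' % ''.join(clauses)
    if existing_filter is None:
        return groups
    existing = existing_filter.strip()
    if not is_single_filter(existing):
        raise ValueError('existing filter is not one balanced expression')
    return '(&%s%s)' % (existing, groups)


if __name__ == '__main__':
    dns = ['CN=GroupX,ou=Groups,DC=domain,DC=com',
           'CN=GroupZ,ou=groups,DC=domain,DC=com']
    print(member_of_filter(dns[:1]))
    print(member_of_filter(dns, '(mail=*)'))  # constructed existing filter
    # Constructed group name with parentheses, which must be escaped.
    print(member_of_filter(['CN=Sales (EMEA),ou=Groups,DC=domain,DC=com']))
```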