/build/static/layout/Breadcrumb_cap_w.png

Importing users into k1000 from multiple specific AD OU's.

Ok, I've read many things in Itninja related to importing user and creating search filters, etc.. and I have gotten no where fast.  In fact, today the pass through authentication quit working and I didn't even touch that.  I'm trying to clean things up a bit in K1000 and here's what I want to do and not do.

1) I want to Import users from AD into the K1000 to get a good starting point for users.  Why? we have about 750 user/email accounts in our company but only 400 will need access to the K1000 for helpdesk/knowledge base use.  The other 350 users will Never utilize it.

2) I Don't want to import the 100+ security groups into the K1000.  These groups are of no use to our need and I'm in the process of eliminating about 70% of them. No one has a clue as to why we had so many or what they did.  Not talking about Built-in groups/groups created by Exchange, etc.

3) I want to import users from Specific AD OU's only.

The problem I keep running into - I open users > select User Import.  I enter the LDAP server IP, LDAP port (389), Search base DN (dc=mydomain,dc=com), Search filter (&(samaccountname=Kbox_USER)(memberof=OU=Users,OU=Customer Service,OU=BIL,DC=mydomain,DC=com).  This is where I can get nothing to work right.  The next screen requires an LDAP Uid, User Name & Email and all I see is No Value.

If I enter (objectclass=user) in the Search Filter then it works fine but now I get All 750 users and the 100 security groups that I don't want.

What am I doing wrong or not at all?

Asked 10 years ago 3735 views
0 Comments   [ + ] Show comments

Answers (1)

Posted by: h2opolo25 10 years ago
Red Belt
0
Here's what I did which works great thus far for me....
Search string....
(&(&(&(objectCategory=person)(physicaldeliveryofficename=*)(objectCategory=user)
(mail=KBOX_USER)
)))

The string adds all the users in the domain that have the Location field in AD populated. PLEASE NOTICE... I am using the email address as the username. Change that last one to samaccountname=KBOX_USER if you want just the username used. You can change the (physicaldeliveryofficename=*) to whatever you want to filter by.

The way I got the search string was by using the Active Directory Users and Computers to create a Query then right click and choose Edit to see the Query string that you can copy. Add (samaccountname=KBOX_USER) to the string and you should be in business. You can query the specific OU's and have the search string created for you.

Hope this helps.
Comments:
  • Thanks for the input. I understand what you are saying but I'm evidently not entering it right in kace. I can create a query in AD and pull user names from any of the specific OU's without issues. When I copy the query string into the "search Filter" in K1000 User Import I get Nothing. When I try it in the LDAP Browser - I get no entries. - rjobe 10 years ago
    • Just noticed on your search string, you wrote MemberOf. That looks at security groups not OU's. - h2opolo25 10 years ago
      • According to microsoft the proper way of doing it is to put * around the search string.

        http://msdn.microsoft.com/en-us/library/aa746475.aspx

        So it would be distinguishedName=*Users*

        KACE does not like this. - h2opolo25 10 years ago

Posted by:

rjobe Fourth Degree Green Belt
Ninja since: 13 years ago

Don't be a Stranger!

Sign up today to participate, stay informed, earn points and establish a reputation for yourself!

Sign up! or login

View more:

KACE Product Support Questions
question

Related Questions

Link

Related Links

Post

Related Posts

Share

 
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ