One of my favorite features to demo on SharePoint is its incredible searching capabilities. It is, by far, the feature that elicits the greatest reaction.

More specifically, I just plain LOVE the way SharePoint handles searching for people within the organization.

However, the data comes from our Active Directory schema and if your organization is anything like ours, it’s not the cleanest set of data.

For instance, I was finding devices, voicemail boxes, security and distribution groups, and all sorts of other objects showing up in my people results.

I did some binging around the Internet and discovered Mindsharp’s blog.
They had a couple of posts regarding filtering profile data within SharePoint.

This one written by Wayne Hall (archived) and this one written by Daniel A. Galant.

Here’s the breakdown:

1. Go to your Central Administration site and select your Shared Service Provider. It may require you to log in under the farm administrator account.
2. Under User Profiles and My Sites, select: “User profiles and properties”.
3. On the User Profiles and Properties page, select: “View import connections”.
4. You can select “Create New Connection” or edit an existing connection.

You’ll have to specify your own domain controller information (most of it is already auto-detected). The most important item is “User filter”.

The user filter allows you to specify criteria you would like included or excluded from the import. There is a variety of options to explore using LDAP query filters. There are SO many resources out there to explain writing LDAP filter queries. Here’s one to get you started.

The query that I decided to use was this:

(&(objectCategory=person)(objectClass=user)(sn=*)(mail=*)(showInAddressBook=*)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))

This, essentially, filters the Active Directory schema to only import those objects that:

1. (objectCategory=person) = are under category “person”.

AND

2. (objectClass=user) = are of class “user”.

AND

3. (sn=*) = have a surname [Last Name].

AND

4. (mail=*) = have a valid e-mail address.

AND

5. (showInAddressBook=*) = are available in our corporate address book.

AND

6. (!(userAccountControl:1.2.840.113556.1.4.803:=2)) = are active accounts (the ACCOUNTDISABLE flag, value 2, is not set in userAccountControl).

This filter eliminated over 9,000 unnecessary items in our user profile list, making our people search far more effective.
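To see which clause removes which kind of object, here is an added example (not from the original post or the posts it links to): a small Python evaluator for this filter, run over constructed sample entries. The entry names and attribute values are made up, and an absent userAccountControl is treated as 0 for simplicity.

```python
BIT_AND = "1.2.840.113556.1.4.803"  # AD bitwise-AND matching rule
USER_FILTER = ("(&(objectCategory=person)(objectClass=user)(sn=*)(mail=*)"
               "(showInAddressBook=*)(!(userAccountControl:" + BIT_AND + ":=2)))")

def parse(f, i=0):
    """Parse the parenthesised filter starting at f[i]; return (node, next index)."""
    if f[i + 1] in "&|!":
        op, kids, i = f[i + 1], [], i + 2
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        return (op, kids), i + 1
    end = f.index(")", i)
    attr, value = f[i + 1:end].split("=", 1)
    return ("item", attr.lower(), value), end + 1

def matches(node, entry):
    """Evaluate a parsed filter against one entry (dict with lower-case keys)."""
    if node[0] in "&|":
        results = [matches(kid, entry) for kid in node[1]]
        return all(results) if node[0] == "&" else any(results)
    if node[0] == "!":
        return not matches(node[1][0], entry)
    _, attr, value = node
    if attr.endswith(":"):  # extensible match, written attr:rule:=value
        name, rule = attr[:-1].split(":", 1)
        if rule != BIT_AND:
            raise ValueError("unsupported matching rule " + rule)
        # Simplification (assumption of this example): absent attribute counts as 0.
        return (int(entry.get(name, 0)) & int(value)) == int(value)
    found = entry.get(attr, [])
    found = found if isinstance(found, list) else [found]
    return bool(found) and (value == "*" or value.lower() in [str(v).lower() for v in found])

# Constructed sample entries, not real directory data.
PERSON = {"objectcategory": "person", "objectclass": ["person", "user"], "sn": "Ng",
          "mail": "a@example.com", "showinaddressbook": "GAL", "useraccountcontrol": 512}
ENTRIES = {
    "alice": PERSON,
    "bob-disabled": {**PERSON, "useraccountcontrol": 514},  # 512 + ACCOUNTDISABLE (2)
    "WKSTN01$": {"objectcategory": "computer", "objectclass": ["user", "computer"]},
    "sales-dl": {"objectcategory": "group", "objectclass": ["group"], "mail": "s@example.com"},
    "svc-backup": {k: v for k, v in PERSON.items() if k not in ("sn", "mail")},
    "vendor": {**PERSON, "objectclass": ["person", "contact"]},  # mail contact
}

def imported(filter_text=USER_FILTER):
    tree, _ = parse(filter_text)
    return [name for name, entry in ENTRIES.items() if matches(tree, entry)]
```

Calling `imported("(objectClass=user)")` shows why the class test alone is not enough: the computer account and the mailbox-less service account both match it.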

NOTE: One area that messed me up was setting the Scope to “One level”. This was producing an error:

A test import based on current input returned no results. Please re-check the search base and filter.

This was occurring because the filter was searching for items at the root level. Because I had no items at the root level that matched my criteria, it was returning no results.
Once I selected the option “Subtree”, it searched the entire schema and I was all aboard the Gravy Train Express.