Ok, I've read many things in Itninja related to importing user and creating search filters, etc.. and I have gotten no where fast.  In fact, today the pass through authentication quit working and I didn't even touch that.  I'm trying to clean things up a bit in K1000 and here's what I want to do and not do.

1) I want to Import users from AD into the K1000 to get a good starting point for users.  Why? we have about 750 user/email accounts in our company but only 400 will need access to the K1000 for helpdesk/knowledge base use.  The other 350 users will Never utilize it.

2) I Don't want to import the 100+ security groups into the K1000.  These groups are of no use to our need and I'm in the process of eliminating about 70% of them. No one has a clue as to why we had so many or what they did.  Not talking about Built-in groups/groups created by Exchange, etc.

3) I want to import users from Specific AD OU's only.

The problem I keep running into - I open users > select User Import.  I enter the LDAP server IP, LDAP port (389), Search base DN (dc=mydomain,dc=com), Search filter (&(samaccountname=Kbox_USER)(memberof=OU=Users,OU=Customer Service,OU=BIL,DC=mydomain,DC=com).  This is where I can get nothing to work right.  The next screen requires an LDAP Uid, User Name & Email and all I see is No Value.

If I enter (objectclass=user) in the Search Filter then it works fine but now I get All 750 users and the 100 security groups that I don't want.

What am I doing wrong or not at all?

0 Comments   [ + ] Show Comments

Comments

Please log in to comment

Answers

0
Here's what I did which works great thus far for me....
Search string....
(&(&(&(objectCategory=person)(physicaldeliveryofficename=*)(objectCategory=user)
(mail=KBOX_USER)
)))

The string adds all the users in the domain that have the Location field in AD populated. PLEASE NOTICE... I am using the email address as the username. Change that last one to samaccountname=KBOX_USER if you want just the username used. You can change the (physicaldeliveryofficename=*) to whatever you want to filter by.

The way I got the search string was by using the Active Directory Users and Computers to create a Query then right click and choose Edit to see the Query string that you can copy. Add (samaccountname=KBOX_USER) to the string and you should be in business. You can query the specific OU's and have the search string created for you.

Hope this helps.
Answered 10/09/2014 by: h2opolo25
Red Belt

  • Thanks for the input. I understand what you are saying but I'm evidently not entering it right in kace. I can create a query in AD and pull user names from any of the specific OU's without issues. When I copy the query string into the "search Filter" in K1000 User Import I get Nothing. When I try it in the LDAP Browser - I get no entries.
    • Just noticed on your search string, you wrote MemberOf. That looks at security groups not OU's.
      • According to microsoft the proper way of doing it is to put * around the search string.

        http://msdn.microsoft.com/en-us/library/aa746475.aspx

        So it would be distinguishedName=*Users*

        KACE does not like this.
Please log in to comment
Answer this question or Comment on this question for clarity

Share