Exclude DISABLED users in AD from coming into OBIEE

User_E9OMM

Hi !

This is a question :

Many organisations do not delete old/inactive users in AD ( Active Directory)

They simply make them as DISABLED.

When LDAP is integrated in OBIEE, it brings in both Enabled (Active) and Disabled users.

We would like exclude those disabled users at the LDAP integration level.

We found out in another website that there seems to be one attribute/value

that filters Disabled users out. [(!userAccountControl:1.2.840.113556.1.4.803:=2)]

I would like to know your inputs on the same.

Just in case the said attribute/value is correct and if should try it out then my question is where exactly I should write it.

I have the documentation on LDAP integration with OBIEE including snapshots. Now here are several config attributes such as -

Where exactly should I put that value ? Any idea ?

Principal

User Base DN

All Users Filter

User From Name Filter

User Name Attribute

Object User Class

Group Base DN

All Groups Filter

Group From Name Filter

(Note- Please ignore if there are any typos in my writing)

Regards

AM

Thomas Dodds

Perhaps an LDAP strategy of moving disabled accounts to a disabled group out of the active group(s) [in addition to marking them disabled] ... then you are pulling only from the active set.