1 Reply Latest reply on May 26, 2017 5:40 PM by Thomas Dodds

    Exclude DISABLED users in AD from coming into OBIEE


      Hi !


      This is a question :


      Many organisations do not delete old/inactive users in AD ( Active Directory)

      They simply make them as DISABLED.

      When LDAP is integrated in OBIEE, it brings in both Enabled (Active) and Disabled users.

      We would like exclude those disabled users at the LDAP integration level.


      We found out in another website that there seems to be one attribute/value

      that filters Disabled users out. [(!userAccountControl:1.2.840.113556.1.4.803:=2)]


      I would like to know your inputs on the same.

      Just in case the said attribute/value is correct and if should try it out then my question is where exactly I should write it.


      I have the documentation on LDAP integration with OBIEE including snapshots. Now here are several config attributes such as -

      Where exactly should I put that value ? Any idea ?



      User Base DN

      All Users Filter

      User From Name Filter

      User Name Attribute

      Object User Class

      Group Base DN

      All Groups Filter

      Group From Name Filter


      (Note- Please ignore if there are any typos in my writing)