Hi Mohamed,
No, that is incorrect - as I mentioned we do NOT map by OU, only by GROUP. You can ONLY map an active directory GROUP to a Service Desk Access Type.
Example:
User: Mohamed
Active Directory Group: IT
IF you have the ldap_group_enable option turned on in Service Desk, and you have an Access Type in Service Desk called "IT" - then it will give that user the access type of "IT" when using ldap import or ldap sync.
If the account changes on the AD side as follows:
User: Mohamed
Active Directory Group: HR
If you have an access type in Service Desk called "HR" then when ldap import or ldap sync is run, it would change Mohammed's access type to HR.
Again ONLY based on Active Directory GROUPS, and NOT OU's.
We do not have any functionality to interact with OUs.
Hope this helps clarify.
Jon