By default, the pdm_ldap_import and pdm_ldap_sync utilities do not take into account whether the AD account is inactive or active. The workaround I use is to:
- Uninstall the ldap_user_object_class option in Options Manager.
- Execute these 2 commands to add options to the NX.ENV (restart SDM to take effect)
pdm_options_mgr -c -a pdm_option.inst -a option.inst -s LDAP_FILTER_PREFIX -v "(&(objectClass=user)(sn=*)(sAMAccountType=805306368)(!(userAccountControl:1.2.840.113556.1.4.803:=2))"pdm_options_mgr -c -a pdm_option.inst -a option.inst -s LDAP_FILTER_SUFFIX -v ")"Suggest you do this in a test environment first.
Run the commands again with the
-t option to update the NX.env.tpl file so that changes are not lost if you later run a pdm_configure.
------------------------------
Lindsay Estabrooks
Principal Consultant
IT-EDU Consultants
------------------------------
Original Message:
Sent: 06-26-2019 10:00 AM
From: Mohaned Bakr
Subject: SDM Sync the enabled/disabled contacts in AD
Hi all,
I need the SDM synchronize the enabled/disabled contacts in AD to be Active/inactive in SDM
any idea's
Regards,
------------------------------
Eng. Mohanad Bakr
Professional Services Manager
Future Systems
------------------------------