Michigan Endpoint Management User Group

Expand all | Collapse all

Ad Sync but ignore a segment or OU?

Jump to Best Answer
  • 1.  Ad Sync but ignore a segment or OU?

    Posted 06-07-2011 02:37 PM

    Just jumping into the CMS 7.1 world and looking to import all our AD computers EXCEPT those from a certian location because we do not manage those. Can I set up the AD Sync to ignore an OU or Segment(s)?



  • 2.  RE: Ad Sync but ignore a segment or OU?
    Best Answer

    Posted 06-07-2011 03:15 PM

    The easy way to do this is:

    On the AD Import Entry, on the "starting from <domain>" portion, check the box for each of your top level OUs within the domain.  You will have to maintain this if you often add top level domains however.

    Alternatively, where it says "Import some <users/computers>" you can use an LDAP filter.  An example of this might be:

    (&(objectCategory=computer)(!ou=Discard))

    This should import computers where the OU is not "Discard."

    Hope this helps.

    Joe



  • 3.  RE: Ad Sync but ignore a segment or OU?

    Posted 06-07-2011 03:44 PM

    Thanks for the assist ... now for a related question:

    If I have the set schedule for the computer import set to UPDATE daily, do I also need to enable the directory Synchronization Schedule or will my Daily Update for the import task be enough?



  • 4.  RE: Ad Sync but ignore a segment or OU?

    Posted 06-07-2011 04:19 PM

    The task schedules (either update or full) are additive only.  Use Directory Synchronization Schedule to delete items from NS that are no longer in AD.



  • 5.  RE: Ad Sync but ignore a segment or OU?

    Posted 06-07-2011 04:30 PM

    Thanks again! I've been using CMS/SMS 6.x since 2004 so the basic concepts are not new, but 7.1 is a whole new world! So far so good ... now on to get Invnetory and Patch Management working in our test environment so we can go live hopefully in July!