Today I was asked how to filter out computer objects when importing your Organizational structure into WebSpy Vantage.
The default LDAP query when you first run through the Import Organization wizard should filter these computers objects out. The query is:
In Active Directory, computers do not generally have an objectCategory equal to Person. Computers usually have the objectCategory ‘Computer’.
If by chance your computers are not being excluded by this filter, you could exclude all objects without an email address. This of course assumes that all users you want to import have an email address populated in Active Directory. To exclude objects without email addresses, the filter becomes:
Another useful addition to the query is to exclude users that have been disabled in Active Directory. You usually disable an account when a person leaves the organization, but you still need their user profile in Active Directory for whatever reason. This query is slightly less obvious:
For information on what the numbers mean in the query above, see How to query Active Directory using a bitwise Filter
Another question I’m often asked is how to exclude specific OUs from a query. Unfortunately LDAP does not support this concept and the only way to do this is to run multiple queries on different root level DNs. This means running through the Import Organization wizard multiple times with a different Root Distinguished Name each time, and the ‘Merge’ options set to ‘Keep users that are no longer in the directory’ and ‘Keep existing user details’.
If you have other helpful LDAP queries, please leave a comment below.
Latest posts by Scott (see all)
- Creating a Remote Desktop Report (RDP Connections) with WebSpy Vantage - February 15, 2016
- Distributing Web Activity Reports to Managers Using WebSpy Vantage - February 3, 2016
- Web Activity Reporting with Palo Alto Firewall Log Files - December 15, 2015