5 Replies Latest reply on Sep 17, 2019 1:27 AM by Lesley Ann Artiaga

    Pentaho Scirpt - Active Directory OU filters

    Samuel Joshi
      Share This:

      HI,

       

      I have Pentaho script created for pulling Active Directory data into BMC but the way it's working right now to sync all objects from AD.

       

      wondering if someone can help with the script to sync users from Specific OUs and where it can be added in Pentaho file.

       

      Thanks,

      Samuel -

        • 1. Re: Pentaho Scirpt - Active Directory OU filters
          Paul Donders

          Hi Samual,

           

          Please use the following;

           

          Select a step "LDAP input"

          Here add a script in "Search" like;

           

          (&(!(userAccountControl:1.2.840.113556.1.4.803:=65536))

          (mail=*)

          (sn=*)

          (!(sn=*Conference*))

          (!(sn=#*))

          (!(displayName=#*))

          (givenname=*)

          (objectClass=User)

          (!(memberof=CN=RemedyForce-Staff,OU=Common Groups,OU=Common,DC=<DOMAIN>,DC=com))

          (!(OU=Admin Accounts,OU=Corporate Administration,DC=<DOMAIN>,DC=com))

          (!(OU=Resource Accounts,OU=Exchange,DC=<DOMAIN>,DC=com))

          )

           

           

           

          Hope this helps?

           

          Paul

          2 of 2 people found this helpful
          • 2. Re: Pentaho Scirpt - Active Directory OU filters
            Samuel Joshi

            Hi Paul,

             

            Thank you so much for your assistance and sorry about delayed in response.

             

            I tried the script above and modified based on testing i am performing, since i am just testing for one OU called test, i have modified the script as bellow-

             

            (&(!(userAccountControl:1.2.840.113556.1.4.803:=65536))

            (mail=*)

            (sn=*)

            (!(sn=*Conference*))

            (!(sn=#*))

            (!(displayName=#*))

            (givenname=*)

            (objectClass=User)

            (!(OU=test,DC= <mydomainname>,DC=Local))

            )

             

            But it failed, though it still successful if I select Dynamic filter string, Please correct me where i am wrong.

             

            Once again i appreciate your assistance.

             

            Thanks,

            Samuel -

            • 3. Re: Pentaho Scirpt - Active Directory OU filters
              Samuel Joshi

              Hi Paul,

               

              I just tired other option by defining the search base to the specific OU and that worked for me and i still used (objectClass=User) as filter string to get accurate data.

               

               

              BMC1.PNG

               

              I guess, i got what i am looking for, thank you so much for your assistance

              • 4. Re: Pentaho Scirpt - Active Directory OU filters
                Roshan Shinde

                Hi Samuel,

                Did you also push the 'whenChanged' attribute from AD to the corresponding BMC AR System form ?

                If yes, then, were you able to get the correct data in the date field on the form ?

                The reason I am asking this is because, when we map the whenChanged attribute from AD to a date-time field on a staging form in Remedy, the date-time field is set with an incorrect value (eg: a date-time value in the future, which is certianly wrong in case of the whenChanged timestamp) when the Spoon job runs

                 

                Do you know about this issue and happen to know the fix for the same ? Do let me know

                 

                Thanks,

                Roshan.

                • 5. Re: Pentaho Scirpt - Active Directory OU filters
                  Lesley Ann Artiaga

                  Hi All,

                   

                  I have a case with the customer where I need to exclude the accounts which are already disabled.

                   

                  CUrrent job pulls all the profile from AD even if they are disabled.