Here is an example of importing User Profiles of Enabled user accounts from AD -
To import user profile information of user accounts that are enabled in Active Directory to SharePoint Server 2010, follow these steps:
- On the Manage Profile Service page, click Configure Synchronization Connections.
- On the Synchronization Connections page, click the Active Directory connection that you want to edit, and then click Edit Connection Filters.
- On the Edit Connection Filters page, follow these steps:
- In Exclusion Filter for Users, change the Attribute drop-down to userAccountControl.
- In Exclusion Filter for Users, change the Operator drop-down to Bit on equals.
- In the Exclusion Filter for Users, select Filter box type to 2.
- Click Add.
- Click OK.
Note: Similar to userAccountControl attribute you can create a combinations of Exclusion Filter for Users and Exclusion Filter for Groups with a lot of other AD attributes.
A second option which also can be used to filter out user profiles based on OU(s)/user(s)/Group(s) directly from Synchronization Connections. If you already have a synchronization connection then follow these steps for filtering users based on OU(s)/user(s)/Group(s).
- On the Manage Profile Service page, click Configure Synchronization Connections.
- On the Synchronization Connections page, click the Active Directory connection that you want to edit, and then click Edit.
- On the Edit synchronization connection page, follow these steps:
- Click on "Populate Containers" button, (make sure that you entered the password for AD sync account).
- Expand the tree view and uncheck any OU from which you don't want user profiles.
- You can also expand any OU and uncheck any user/group that you don't want to import.
- Click OK.
Issue to be aware of - I was able to select same criteria multiple times and it allowed me to save my synchronization connection without any problem. That was kind of odd. See below
Attribute Operator Filter Action accountExpires Is present accountExpires Is present division Equals A division Equals A
Except this one issue it really works well.
- In Exclusion Filter for Users, change the Attribute drop-down to userAccountControl.
- In Exclusion Filter for Users, change the Operator drop-down to Bit on equals.
- In the Exclusion Filter for Users, select Filter box type to 2.
- Click Add.
- On the Manage Profile Service page, click Configure Synchronization Connections.
- On the Synchronization Connections page, click the Active Directory connection that you want to edit, and then click Edit.
- On the Edit synchronization connection page, follow these steps:
- Click on "Populate Containers" button, (make sure that you entered the password for AD sync account).
- Expand the tree view and uncheck any OU from which you don't want user profiles.
- You can also expand any OU and uncheck any user/group that you don't want to import.
- Click OK.
Attribute Operator Filter Action
accountExpires Is present
accountExpires Is present
division Equals A
division Equals A
