Adaxes

How can I exclude users in a specific OU from object selection for 'Delete User' ?

0 votes

Hi there,

I've created a Delete User feature in the Web Interface Configurator. I am trying to restrict object selection via a User Criteria. Need to exclude Service Accounts, but they have no attributes which separate them from regular users except for their organisational unit.

My service accounts are in two OUs, as per the screenshot below (see LDAP filter) - unfortunately this did not work.

(&(objectClass=user)(!(|(distinguishedName:dn:=OU=Service Accounts,OU=Global Users,OU=Everlight Radiology,DC=ipo,DC=local)(distinguishedName:dn:=OU=Everlight Service Account,DC=ipo,DC=local))))

image.png

I can successfully exclude accounts based on SAM Account Name - But I've tried using multiple LDAP filters to exclude these OUs based on the distinguished Name of the object containing the path to the OUs - without success.

I've also tried using the "Organizational Unit is not <OU>" criteria - Attempting this with: is not, does not contain, does not end with - No luck. Tried changing the OU to just the name e.g. "Service Accounts" and also the full DN.

Can anyone suggest a filtering method that should work? End goal is that any user object in a specific OU won't appear when selecting target user for the 'Delete User' feature.

Thanks,

David

by (80 points)

1 Answer

0 votes
by (288k points)

Hello David,

Unfortunately, there is no such possibility due to the way location queries work. You can only specify a single location in the Only objects located under option. However, thank you for the suggestion. We forwarded it to the corresponding department for consideration.

Related questions

0 votes
1 answer
Is it possible to setup a an object selection on Users in folders with a specific name

We're trying to setup a new action in our Web interface that runs on User's that are currently in an OU called 'New Starters' that is in all of our domains (An ... no results, There are no other fields we can use that are unique to accounts in those OUs

asked Feb 7, 2020 by richarddewis (260 points)
0 votes
1 answer
Exclude copied user accounts from being added to security groups in a certain OU.

When a new user account is created by copying an existing one, is it possible to prevent the new account from becoming a member of security groups in a specific OU (when the ... same way as the account being added to the group, which I need for audit purposes.

asked Sep 28, 2020 by markcox (70 points)
0 votes
1 answer
On the built in Create User, how can I get the ability for the user to choose a different domain in the username field?

Using this built in function: There is no option to change the domain on the user account, however this is not the domain we use for UPN. However after creating a user, you can change it but trying to avoid going back into the object.

asked Apr 14, 2023 by mightycabal (1.0k points)
0 votes
1 answer
When configuring web page - under "Object Selection" - you can only choose 1 location (OU) - how to choose multiple?

When configuring web page - under "Object Selection" - you can only choose 1 location (OU) when you select "Allow selecting only AD objects located under" - is there a way to have multiple OUs instead - perhaps using a LDAP filter?

asked Feb 2, 2021 by foleyjm (20 points)
0 votes
1 answer
When creating a username, can I target specific characters from the user's names?

Example: If a user has a ' in theirname: Fred J O'neal. Normally the username is set as %lastname:lower,4%%firstname:lower,3%%initials:lower% Problem is o'nefrej would be the result. ... name", "Information") $username = #this is what I'm not sure how to do?

asked Dec 6, 2022 by mightycabal (1.0k points)
3,541 questions
3,232 answers
8,225 comments
547,802 users