Filter AD Sync by OU

You can construct a sync in which you include all of the desired top level OUs and it will automatically sync their child OU’s. For the following fields in the sync settings (Full Domain Name, Domain Controller, Username, Start) you will need to duplicate the appropriate information for each additional OU you would like to target, separating each additional set of information with a semi colon.

Full Domain Name: sqbox.com;sqbox.com 
Domain Controller: sqboxDC1;sqboxDC1 
Username: sqbox\administrator;sqbox\administrator 
Password: ******** (Password is entered only once, regardless of the number of OU's synced. Do not separate multiple passwords with a semi-colon)

Now, in the Advanced Options ---> Start field, enter the full canonical location of each OU separated by a semi colon:

Start: OU=developers, DC=Sqbox, DC=Com; OU=Support, DC=Sqbox, DC=Com

Alternatively, if your users are located within a container, the path would look similar to: CN=developers, DC=Sqbox, DC=Com; OU=Support, DC=Sqbox, DC=Com

Of course, I've demonstrated the ability to sync multiple OUs but targeting a single OU will work just fine.

Alternatively, you can filter your AD synchronization based on group membership. For more information on this method, please view:

Filter AD Sync by Group

Referenced by:

Have more questions? Submit a request

0 Comments

Article is closed for comments.