4.3 Editing Connection Filters
At this point, you could proceed with a
full profile synchronization, but it is a good practice to add
connection filters before you start the process. It will make the
synchronization execute faster, and it will keep your user profile
database more compact. You can filter on numerous Active Directory
attributes, but Table 2 lists some common filters that should be used in most environments.
TABLE 2: Common Exclusion Filters
Follow these steps to configure exclusion filters for users:
1. Under the Synchronization section of the Manage User Profile Service page, click Configure Synchronization Connections.
2. Hover over
the connection you want to configure, click to reveal the drop-down
menu, and then click Edit Connection Filters, which takes you to the
Edit Connection Filters dialog shown in Figure 6.
3. From here
you can create filters that apply to users and to groups. You can also
create multiple filters, and then decide whether all the filters need
to be applied
together to filter the user, or if each of the filters is
applied individually to filter users. This difference is determined by
which option is enabled: All apply (AND) or Any apply (OR). Select the
option you desire. If you’re unsure, select the OR option.
4. In the Attribute drop-down menu, choose the attribute that should be used for filtering.
5. In the drop-down menu of the Operator field, select the operator that you want applied.
6. Enter the value of the attribute that will be used to determine whether a user account is excluded.
7. Click Add. Figure 7 shows an example of an exclusion filter. Notice that the filter can be removed after it has been added.
You can create additional filters using
the same process, and you can add exclusion filters for groups. When
you are finished adding filters, click the OK button at the bottom of
the dialog to save your changes.
