Cisco Support Community

Custom LDAP Filter - Expiring Accounts

I am using the following custom LDAP filter with CUCM/Unity Connection to sync users from AD:

(&(objectClass=user)(|(accountExpires=9223372036854775807)(accountExpires=0))(!(UserAccountControl:1.2.840.113556.1.4.803:=2))(ipPhone=*))

The first part denotes the object needs to be a user, second part looks for accounts which are not expired, the third part checks that the account is not disabled and finally that the ipPhone field is populated.

The filter does work; however, there is a slight issue in that the client sets user accounts to expire in the future, which then sets a value in the accountExpires attribute (Integer8 Date/Time). Once set, this value remains constant and I assume AD queries this against its local Date/Time to determine the status of the account.

Is it possible to create a filter to include accounts that have not yet expired but are set to expire in the future and then remove them once the expiry date has passed?

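An added example, not part of the original post: accountExpires counts 100-nanosecond intervals since 1601-01-01 UTC, and LDAP filter syntax has no "current time" token, so this sketch computes that value for a given moment and places it in a `>=` clause alongside the post's other conditions. The function names and sample accounts are hypothetical, and the timestamp is fixed at the moment the string is built, so a stored filter keeps comparing against that moment until it is regenerated.

```python
from datetime import datetime, timedelta, timezone

# accountExpires is an Integer8 FILETIME: 100 ns ticks since 1601-01-01 UTC.
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
NEVER_VALUES = (0, 9223372036854775807)  # the two "never expires" values in the post
NOT_DISABLED = "(!(userAccountControl:1.2.840.113556.1.4.803:=2))"


def to_filetime(moment):
    """Convert a timezone-aware datetime to FILETIME ticks (exact integer math)."""
    delta = moment - FILETIME_EPOCH
    return (delta.days * 86400 + delta.seconds) * 10_000_000 + delta.microseconds * 10


def from_filetime(ticks):
    """Convert FILETIME ticks to a datetime; do not call with a NEVER_VALUES entry."""
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)


def expiry_state(account_expires, now):
    """Classify an accountExpires value as 'never', 'active' or 'expired' at `now`."""
    if account_expires in NEVER_VALUES:
        return "never"
    return "active" if account_expires >= to_filetime(now) else "expired"


def build_filter(now):
    """The post's filter, with the expiry test widened to any expiry at or after `now`.

    The >= clause also matches 9223372036854775807, so only 0 needs its own term.
    """
    not_expired = "(|(accountExpires=0)(accountExpires>={}))".format(to_filetime(now))
    return "(&(objectClass=user)" + not_expired + NOT_DISABLED + "(ipPhone=*))"


if __name__ == "__main__":
    now = datetime.now(timezone.utc)
    # Constructed sample accounts (name, accountExpires), not taken from any directory.
    samples = [
        ("never-a", 0),
        ("never-b", 9223372036854775807),
        ("leaves-next-month", to_filetime(now + timedelta(days=30))),
        ("left-last-month", to_filetime(now - timedelta(days=30))),
    ]
    for name, value in samples:
        state = expiry_state(value, now)
        when = "" if state == "never" else from_filetime(value).isoformat()
        print(name, state, when)
    print(build_filter(now))
```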