SharePoint 2007 – LDAP User Filters for Limiting User Profile Import

Posted on March 14, 2008 by Scott Wheeler

If you’ve ever tried to setup SharePoint 2007 to import user profiles via LDAP you’ll like this post.  The setup of the SSP to import profiles is a fairly simple task, but what is not that easy is applying the right LDAP user filter to import only the accounts that you desire from Active Directory.  I’d like to share with you my experience with applying user filters and some of the excellent user filter examples I have found.

Instructions for creating a new connection and applying an LDAP user filter to limit the profiles imported by your Shared Service Provider:

1. Log in to your SharePoint Central Administration site.
2. Select your Shared Service Provider and click on “User profiles and properties” under the “User Profiles and My Sites” column.
3. Click on the link, “Manage Connections”.
4. Click on “Create New Connection”.
5. Give the connection a meaningful name.
6. In the Directory service server name text box, enter the server name or IP address of your LDAP server.
7. Enter the LDAP user filter of your choice (see below for examples) .

Now you are ready to import your LDAP users into the profile database. Go back a screen and start a full import. Once the import starts enumerating you should see user profiles being imported into SharePoint. When the import is complete, click “View Profiles” to see what profiles were imported.

I’ve compiled a fairly good set of user filters below, feel free to submit a comment if you have others to add to the list.

Example LDAP User Filters

Default user filter:
(&(objectCategory=Person)(objectClass=User))

Exclude accounts with no email address:
(&(objectCategory=Person)(objectClass=User)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(mail=*))

Exclude disabled accounts:
(&(objectCategory=person)(objectClass=user)(!userAccountControl:1.2.840.113556.1.4.803:=2))

Exclude accounts with passwords set to expire:
(&(objectCategory=person)(objectClass=user)(!userAccountControl=65536))

Include only the accounts with valid email addresses
(&(objectCategory=Person)(objectClass=User)(mail=*com)

Include only the accounts that are part of the Branch1 organizational unit
(&(objectCategory=Person)(objectClass=User)(memberof:1.2.840.113556.1.4.1941:=(CN=Authenticated Users,OU=Branch1,DC=domain,DC=local)))

Exclude accounts that don’t have a first name
(&(objectCategory=Person)(objectClass=User)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(!(!givenName=*)))

Other Resources

Wayne Hall – Importing only a specific group into sharepoint profile database (via LDAP)

MSDN – Active Directory Search Filter Syntax

LDAP Documentation – LDAP Attribute List

Filed under: Active Directory, MOSS 2007, Share Service Provider, SharePoint 2007 | 2 Comments »

Configure MOSS 2007 Site Usage Reports

Posted on February 6, 2008 by Scott Wheeler

SharePoint 2007 has built in usage reports that can easily be enabled to allow site administrators and site collection administrators to monitor statistics about the use of their sites. These reports are NOT turned on by default when install MOSS 2007.

Three Quick Steps to Configure Site Usage Reporting

  1. Enable Usage Logging in Central Administration
    A. On the Central Administration home page, click Operations.
    B. On the Operations page, in the Logging and Reporting section, click Usage analysis processing.
    C. On the Usage Analysis Processing page, in the Logging Settings section, select Enable logging.
    D. Type a log file location and number of log files to create.
    E. In the Processing Settings section, select Enable usage analysis processing, and then select a time to run usage processing.
  2. Enable Usage Reporting on SSP Admin Page 
    A. On the SSP home page, in the Portal Usage Reporting section, click Usage reporting.
    B. On the Configure Advanced Usage Analysis Processing page, in the Processing Settings section, click Enable advanced usage analysis processing.
    C. In the Search Query Logging section, select Enable search query logging.
  3. Activate the Reporting Feature for the Site Collection
    A. On the Site Actions menu, click Site Settings.
    B. On the Site Settings page, in the Site Collection Administration section, click Site collection features.
    C. On the Site Collection Features page, click the Activate button for the Reporting feature.

After site usage reporting is enabled the site administrators and site collection administrators will be able to view reports detailing:

  • Requests and queries in the last day and the last 30 days
  • Average number of requests per day over the last 30 days
  • Requests per day over the last 30 days
  • Top page requests over the last 30 days
  • Top users over the last 30 days
  • Top referring hosts over the last 30 days
  • Top referring pages over the last 30 days
  • Top destination pages over the last 30 days
  • Top search queries for the last 30 days
  • Search results top destination pages
  • Number of search queries per day over the previous 30 days
  • Number of search queries per month over the previous 12 months
  • Top search queries over the previous 30 days
  • Search Queries per search scope over the previous 30 days

Site collection administrators will be able to view reports detailing:

  • Total amount of storage used by the site collection
  • Percent of storage space used by Web Discussions
  • Maximum storage space allowed
  • Number of users for all sites in the hierarchy
  • Total hits and recent bandwidth usage across all sites

Filed under: MOSS 2007, Reporting, Share Service Provider, SharePoint 2007 | 3 Comments »