Using Identity Connect UI to configure the Active Directory Connector
|Knowledge Article Number||000205680|
|Description||How to use the Group and User Filter in the Identity connect or trying to limit the user in Identity connect
|Resolution||You can use the Identity Connect UI to configure the Active Directory Connector. Instructions for setting up the user and group filters are documented in Section: Configuring the Active Directory Connector of the user guide available at
It's recommended that you first use the "Base Context" setting to narrow the scope of user and group searches. The "User Filter" and "Group Filter" settings should be used only to exclude those few records that should be filtered from the "Base Context".
For example, please refer the screenshot on page 24 of the User Guide, you will see that in this example:
• Identity Connect will search for all users and groups in 2 base contexts: "CN=users,DC=example,DC=com" and "CN=employees,DC=example,DC=com"
• Within those 2 base contexts, when user searches are performed, the "User Filter" will enable Identity Connect to select all records with an objectClass of "user" that does not also have an objectClass of "Computer"
• Similarly, within those 2 base contexts, when group searches are performed, the "Group Filter" will enable Identity Connect to select all records with an objectClass of "group" that does not also have the cn of
Page 27 of the User Guide provides more details about how to update the "User Filter" and "Group Filter" settings. If you clicks on the "User Filter" text box, it will open a dialog to create additional user filters using the standard LDAP filter syntax: