Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
364
Views
0
Helpful
0
Replies

Custom LDAP Filter - Expiring Accounts

Richard Simmons
Level 3
Level 3

‎07-09-2014 04:08 AM - edited ‎03-19-2019 08:22 AM

I am using the following custom LDAP filter with CUCM/Unity Connection to sync users from AD;

(&(objectClass=user)(|(accountExpires=9223372036854775807)(accountExpires=0)(!(UserAccountControl:1.2.840.113556.1.4.803:=2))(ipPhone=*))

The first part denotes the object needs to be a user, second part looks for accounts which are not expired, the third part checks that the account is not disabled and finally that the ipPhone field is populated.

The filter does work however there is a slight issue in that the client sets user accounts to expire in the future, this then sets a value in the accountExpires attribute (Interger8 Date/Time). Once set this value remains constant and I assume AD queries this against its local Date/Time to determine the status of the account.

Is it possible to create a filter to include accounts that have not yet expired but are set to expire in the future and then remove them once the expiry date has past?

Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents