Tuesday, May 3, 2016

Azure MFA–Directory Integration Filter

Here are a few options which you can use to filter objects from Active Directory when using  Directory Integration with Azure MFA.  The Azure on-premises MFA  server supports standard LDAP filter.  You can this filter in Directory Integration –> Synchronization –> User Filter:

image

For example,

if you want to filter or include users based on a group membership, you can use the memberOf attribute with distributedName of the security group as shown below:

(memberof=CN=MFASync,OU=Groups,DC=labanddemo,DC=com)

image

If you want filter or include users based on an attribute value, you can use (attributename=value) format as shown below:

(department=IT)

image

You can also use standard logical operator to combine your filter statement:

(|(memberof=CN=MFASync,OU=Groups,DC=labanddemo,DC=com)(department=IT))

image

0 comments:

Post a Comment

Popular Posts

Share

Twitter Delicious Facebook Digg Stumbleupon Favorites More