Targeting Active Directory groups

You can restrict user listing to one or more named groups.

To restrict user listing by a single group membership, specify the Group on the Target system address configuration page.

Restrict user listing by multiple group memberships by listing groups in a group file, specified by the Group file field on the Target system address configuration page. This only restricts the listing of users as specified by the groups in the file; it does not restrict the listing of groups. To filter both users and groups, see Targeting multiple containers.

The file must be located in the \<instance>\script\ directory, and specify one group per line; for example:

 IT
 Sales
 Finance

By default, if a group list includes invalid groups, the list still returns success. You can cause the listing to abort when invalid groups are detected by setting Abort listing when an invalid group is encountered.

The Active Directory connector does not list anything if the group file is empty.

Any line that begins with a hash mark (#) is ignored by the connector. A group with a hash mark (#) at the beginning of its name must be escaped with a backslash (\).

Listing accounts from group membership recursively

You can restrict listing by membership of one or more groups and recursively list all users and computers contained within.

To list user and computer objects recursively, select the List nested groups option.

If specified, the connector recursively searches for groups managed by the groups specified in the address, then constructs an account list search based on all specified nested groups.

If not specified, only immediate members of a specified group are listed.

Listing managed group membership recursively

You can recursively list users’ group membership for groups contained within groups specified by the Groups to list users from option. To list group membership recursively, select the List members for nested groups option.

If selected, the connector recursively searches for groups managed by the groups specified in the address, then constructs a user list search based on all managed groups.

If not selected, only immediate members of a specified group are listed.

Ensure that each account is unique across a group and its nested groups to prevent duplicate group members in the native system. For example, if Group1 contains User1, and Group2 contains Group1, then Group2 implicitly has User1 as a member, which will be returned if nested group listing is enabled. However, if User1 is also explicitly added to Group2 as a member, then after listing, Group2 will have duplicate User1 members.
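
The Group1/Group2 case above can be checked for before nested group listing is enabled. The following Python code is an added example, not part of the connector or its documentation. It assumes group membership has already been exported into a mapping of group name to direct members; the function names and sample data are constructed for illustration, and circular nesting is tolerated.

```python
from collections import defaultdict

# Constructed sample data mirroring the Group1/Group2/User1 case above.
# Each group maps to its *direct* members. Assumption: a member that is also
# a key in the mapping is a nested group; anything else is an account.
SAMPLE_MEMBERS = {
    "Group1": ["User1", "User2"],
    "Group2": ["Group1", "User1", "User3"],   # User1 is also explicit here
    "Group3": ["Group2", "Group3a"],
    "Group3a": ["Group3", "User2"],           # circular nesting
}


def nested_accounts(group, members, seen=None):
    """Map each account inherited by `group` to the nested groups holding it."""
    seen = {group} if seen is None else seen
    found = defaultdict(set)
    for child in members.get(group, []):
        if child not in members or child in seen:
            continue                  # an account, or a group already visited
        seen.add(child)
        for m in members[child]:
            if m not in members:      # direct account of the nested group
                found[m].add(child)
        for acct, via in nested_accounts(child, members, seen).items():
            found[acct] |= via
    return found


def find_duplicates(members):
    """Return {group: {account: [nested groups that also contain it]}}."""
    report = {}
    for group, direct in members.items():
        explicit = {m for m in direct if m not in members}
        implicit = nested_accounts(group, members)
        dupes = {a: sorted(implicit[a]) for a in explicit if a in implicit}
        if dupes:
            report[group] = dupes
    return report


if __name__ == "__main__":
    for group, dupes in find_duplicates(SAMPLE_MEMBERS).items():
        for account, via in sorted(dupes.items()):
            print(f"{group}: {account} is explicit and also inherited via "
                  f"{', '.join(via)}")
```

Each reported account is one to remove from either the explicit or the nested membership before listing with the nested group option selected.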