When selecting an option to skip AD default objects on Skip Objects TAB of domain pair properties, objects such as in the list below are NOT skipped:
DHCP Administrators
DHCP Users
DnsAdmins
DnsUpdateProxy
Exchange Domain Servers
Exchange Enterprise Servers
Exchange Services
IIS_WPG
MTS Trusted Impersonators
RTCABSDomainServices
RTCArchivingDomainServices
RTCDomainServerAdmins
RTCDomainUserAdmins
RTCHSDomainServices
RTCProxyDomainServices
SMSMSE Admins
SMSMSE Viewers
TelnetClients
Terminal Server Computers
WINS Users
Why is this happening?
Previewing the LDAP filter is a nice way to see what objects are in scope as far as dirsync is concerned. Also these LDAP queries can be used to get the list of such users and groups from AD for better picture of what objects are going to be filtered out:
In addition, the above listed AD objects (groups) are not considered built-in by Microsoft. According to the following AD documentation:
http://technet.microsoft.com/en-us/library/bb727067.aspx
Built-in groups:
Account Operators
Administrators
Backup Operators
Guests
Print Operators
Replicator
Server Operators
Users
There are two easy workarounds to exclude undesired AD objects from synchronization job:
1. Not including OU into DSA synchronization scope.
2. Exclude such objects on the properties of Synchronization job - Specify Source Scope - Set Filter - Exclude List.
© ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center