LDAP Sync -> ignore disabled accounts

[MalteKiefer]

Hello,

my current LDAP filter looks like this: objectClass=organizationalPerson.
How must I change this, that user accounts that are disabled not get sync?

[TShiremanLCOG]

Here is one that has worked for me. It ensures that you get user accounts (the objectCategory and Class plus the groupID) that are active (the userAccountControl portion) and that have an email set (the mail portion). It also allows you to exclude some accounts (the !mail portion) if you don't want those syncing:

&(objectCategory=Person)(objectClass=User)(primaryGroupID=513)(mail=*@yourcompany.com)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(sAMAccountType=805306368)(!(mail=[email protected]))(!(mail=[email protected]))