I have trouble setting up an Active Directory filter to synchronize a MySQL database containing all my users. And I can not create a filter that only retrieves users with an update date greater than a given date.
I tried using uSNChanged attribute on my filter but it returns me 0 result.
Any suggestion is welcome thanks to all
You would search by the
whenChanged attribute. Something like this:
The format is pretty straight forward:
For example, in my example above I used today’s date at 3:00pm eastern.
There are a couple caveats to keep in mind:
whenChangedattribute is not exactly the same on every domain controller, but they will be close (within a half hour). The reason is because of replication – the time is set to the time each DC received the change.
- When a user logs in, the
lastLogontime is updated, and that triggers the
whenChangedattribute to be updated. So just because
whenChangedchanges, it doesn’t mean someone modified the account. This also means that this search will return more accounts than you may expect.