Procedure
- Go to the directory where the Directory Synchronization Tool is installed.
- Open the
clientconf.xmlconfiguration file. - Customize search filters based on your requirements.For Microsoft Entra ID, use the
$filterparameter provided by Microsoft Graph to define search filters. For other source types, use LDAP syntax filters to define LDAP search filters.
Note
For valid recipient filters, it is recommended that you disable Recipient Filter on the administrator console and verify customized filters to avoid unexpected email loss for valid recipients. After verification, enable Recipient Filter for the customized filters to take effect.To disable or enable Recipient Filter, go to on the administrator console.Source TypeProcedureMicrosoft Active Directory and Microsoft AD Global CatalogWithin the <default> section, add customized filters as follows:-
To create a filter for valid recipients, specify a value for <customizedFilter> in the <validRecipient> tag.
-
To create a filter for group members, specify a value for <customizedFilter> in the <members> tag.
-
To create a filter for email aliases, specify a value for <customizedFilter> in the <emailAliases> tag.
Open LDAPWithin the <openLDAP> section, add customized filters as follows:-
To create a filter for valid recipients, specify a value for <customizedFilter> in the <validRecipient> tag.
-
To create a filter for group members, specify a value for <customizedFilter> in the <members> tag.
-
To create a filter for email aliases, specify a value for <customizedFilter> in the <emailAliases> tag.
IBM DominoWithin the <dominoLDAP> section, add customized filters as follows:-
To create a filter for valid recipients, specify a value for <customizedFilter> in the <validRecipient> tag.
-
To create a filter for group members, specify a value for <customizedFilter> in the <members> tag.
-
To create a filter for email aliases, specify a value for <customizedFilter> in the <emailAliases> tag.
Microsoft Office 365/Microsoft Entra IDWithin the <AAD> section, add customized filters as follows:-
To create a filter for valid recipients, specify a value for <rcptCustomizedFilter>.
-
To create a filter for email aliases, specify a value for <aliasCustomizedFilter>.
Note
Note that some special characters need to be replaced with escape characters in your syntax.-
Use "&" instead of "&".
-
Use "<" instead of "<".
-
Use ">" instead of ">".
If you are using Microsoft Active Directory or Microsoft AD Global Catalog:-
To filter out disabled users from valid recipients, use the following syntax:
<validRecipient> <objectClass>*</objectClass> <customizedFilter>!(useraccountcontrol=514)</customizedFilter> <emailAttr>mail</emailAttr> <emailAttr>proxyAddresses</emailAttr> </validRecipient>
-
To filter out disabled users that belong to a specific domain from valid recipients, use the following syntax:
<validRecipient> <objectClass>*</objectClass> <customizedFilter>&(!(useraccountcontrol=514))(proxyAddresses=*@example.com)</customizedFilter> <emailAttr>mail</emailAttr> <emailAttr>proxyAddresses</emailAttr> </validRecipient>
If you are using Microsoft Entra ID:-
To filter out disabled users from valid recipients, use the following syntax:
<AAD> <rcptObjectClass>users,groups</rcptObjectClass> <rcptCustomizedFilter>accountEnabled eq true</rcptCustomizedFilter> <emailAttr>mail,proxyAddresses</emailAttr> <primaryEmailAttr>mail</primaryEmailAttr> <aliasObjectClass>users,groups</aliasObjectClass> <aliasCustomizedFilter></aliasCustomizedFilter> <aliasIdentifier>id</aliasIdentifier> <groupsDisplayNameAttr>displayName</groupsDisplayNameAttr> <membersObjectClass>users,groups</membersObjectClass> <membersDisplayNameAttr>displayName</membersDisplayNameAttr> <membersFirstNameAttr>givenName</membersFirstNameAttr> <membersMiddleNameAttr></membersMiddleNameAttr> <membersLastNameAttr>surname</membersLastNameAttr> <membersTitleAttr>jobTitle</membersTitleAttr> </AAD>
-
To filter out disabled users whose email addresses start with "test" from valid recipients, use the following syntax:
<AAD> <rcptObjectClass>users,groups</rcptObjectClass> <rcptCustomizedFilter>accountEnabled eq true and startswith(mail, 'test')</rcptCustomizedFilter> <emailAttr>mail,proxyAddresses</emailAttr> <primaryEmailAttr>mail</primaryEmailAttr> <aliasObjectClass>users,groups</aliasObjectClass> <aliasCustomizedFilter></aliasCustomizedFilter> <aliasIdentifier>id</aliasIdentifier> <groupsDisplayNameAttr>displayName</groupsDisplayNameAttr> <membersObjectClass>users,groups</membersObjectClass> <membersDisplayNameAttr>displayName</membersDisplayNameAttr> <membersFirstNameAttr>givenName</membersFirstNameAttr> <membersMiddleNameAttr></membersMiddleNameAttr> <membersLastNameAttr>surname</membersLastNameAttr> <membersTitleAttr>jobTitle</membersTitleAttr> </AAD>
-
To filter out users whose email addresses start with "test_user" and groups whose email addresses start with "test_group" from valid recipients, use the following syntax:
Note
If you create one recipient filter with <rcptCustomizedFilter>, this filter is applicable only to the first object specified in the <rcptObjectClass> tag. You can create multiple recipient filters following the object order in the <rcptObjectClass> tag.The situation is the same with <aliasCustomizedFilter>.<AAD> <rcptObjectClass>users,groups</rcptObjectClass> <rcptCustomizedFilter>startswith(mail, 'test_user')</rcptCustomizedFilter> <rcptCustomizedFilter>startswith(mail, 'test_group')</rcptCustomizedFilter> <emailAttr>mail,proxyAddresses</emailAttr> <primaryEmailAttr>mail</primaryEmailAttr> <aliasObjectClass>users,groups</aliasObjectClass> <aliasCustomizedFilter></aliasCustomizedFilter> <aliasIdentifier>id</aliasIdentifier> <groupsDisplayNameAttr>displayName</groupsDisplayNameAttr> <membersObjectClass>users,groups</membersObjectClass> <membersDisplayNameAttr>displayName</membersDisplayNameAttr> <membersFirstNameAttr>givenName</membersFirstNameAttr> <membersMiddleNameAttr></membersMiddleNameAttr> <membersLastNameAttr>surname</membersLastNameAttr> <membersTitleAttr>jobTitle</membersTitleAttr> </AAD>
-
- Save your changes and exit.