Active Directory/LDAP Filter in identityIQ

  • 7011006
  • 20-Apr-2012
  • 02-Nov-2012


NetIQ Access Governance Suite


How do I properly configure a search filter within the Active Directory or LDAP applications for my business needs?
For example, there is a field within the Active Directory application named "Filter String".


Search filters are not something developed for identityIQ. In other words, the product utlilizes generic search filter syntax.

Below is a Microsoft link explaining search filter syntax as well as providing several usage examples:

One could utilize a third party ldap browser to test various filter configurations. In fact, we encourage customers to do this type test configuration outside of identityIQ in order to eliminate identityIQ from any possible problems. Once you have a configuration working in the third party tool, you can transfer said configuration over to identityIQ. This also helps narrow down issues for support assistance (ex: is it an identityIQ issue or a problem outside of our product).

One free tool that can be used to do this is "Softerra LDAP Browser". When configured to connect to your Active Directory install, you have the option to specify a filter, which you can use to fine tune what you wish to eventually use in identityIQ. Below is a screenshot of an ldap browser with filter setting:

Screen shot 2012-04-17 at 2.27.21 PM.png