Environment
NetIQ Access Governance Suite
Situation
How do I properly configure a search filter within the Active Directory or LDAP applications for my business needs?
For example, there is a field within the Active Directory application named "Filter String".
Resolution
Search filters are not something developed for identityIQ. In other words, the product utlilizes generic search filter syntax.
Below is a Microsoft link explaining search filter syntax as well as providing several usage examples:
http://msdn.microsoft.com/en-us/library/windows/desktop/aa746475%28v=vs.85%29.aspx
One could utilize a third party ldap browser to test various filter configurations. In fact, we encourage customers to do this type test configuration outside of identityIQ in order to eliminate identityIQ from any possible problems. Once you have a configuration working in the third party tool, you can transfer said configuration over to identityIQ. This also helps narrow down issues for support assistance (ex: is it an identityIQ issue or a problem outside of our product).
One free tool that can be used to do this is "Softerra LDAP Browser". When configured to connect to your Active Directory install, you have the option to specify a filter, which you can use to fine tune what you wish to eventually use in identityIQ. Below is a screenshot of an ldap browser with filter setting: