How do I configure an ADC CA LDAP filter? (NETIQKB4448)

  • 7704448
  • 02-Feb-2007
  • 08-Sep-2008


How do I configure an ADC CA LDAP filter?

Exchange Migrator 1.x

Exchange Migrator 2.x

This article details how you can create an ADC Connection Agreement (CA) LDAP filter that will stop replication of objects with Custom Attribute 11 populated as "netiq". This filter is useful when you are migrating Intra-Org (site to site) using Exchange Migrator and want to turn ADC replication back on after you have completed the migration.

First, objects that are not to be replicated to the target need to have a Custom Attribute populated with "netiq".  Please go through the following NetIQ knowledgebase article to accomplish this:

How to: Set a Custom Attribute for use with an ADC CA LDAP filter?

The following set of instructions will create the ADC CA filter to prevent objects from replicating from the source Exchange 5.5 directory to the Windows 2000 Active Directory.

Next, populate the MSExchServer2 SearchFilter property by following these instructions:

  1. Open 'ADSI Edit' (Included in the Windows 2000 Support tools).
  2. Expand the 'Configuration Container'.
    • -CN=Services
    • --CN=Microsoft Exchange
    • ---CN=Active Directory Connections
  3. Right-click one of the Connection Agreements in the right-hand pane.
  4. Select the MSExchServer2 SearchFilter property under "Select property to view:"
    Currently, you may have something like:

    In Notepad, add the red text to your value:
    (&(!(Extension-Attribute-11=netiq)) ( (|(objectclass=organizationalPerson)(objectclass=remote-address)(objectclass=groupOfNames))))

Once you paste this new value into "Edit Attribute:" and click "Set" and then "OK", the ADC CA will not replicate any object that has Custom Attribute 11 set to "netiq". Please note that you can use any custom attribute, and you can use whatever text you want to populate the attribute. You will just have to make the appropriate modifications to both the value added to the property and the script provided in NETIQKB17983.

You should not configure the Default CA to filter on these properties.
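One way to check a filter value before pasting it into the Connection Agreement, as an added example that is not part of the original article or of the NetIQ script: the Python sketch below parses the filter shown above and evaluates it against constructed sample entries, listing the ones that would still replicate. The entry names, the `add_exclusion` helper and the case-insensitive value comparison are assumptions made for the illustration.

```python
# Added example, not NetIQ code. SAMPLE is constructed data, not a directory export.
ARTICLE_FILTER = ("(&(!(Extension-Attribute-11=netiq)) ( (|(objectclass=organizationalPerson)"
                  "(objectclass=remote-address)(objectclass=groupOfNames))))")
SAMPLE = {
    "migrated mailbox": {"objectclass": "organizationalPerson", "extension-attribute-11": "netiq"},
    "unmigrated mailbox": {"objectclass": "organizationalPerson"},
    "migrated list": {"objectclass": "groupOfNames", "extension-attribute-11": "netiq"},
    "custom recipient": {"objectclass": "remote-address", "extension-attribute-11": "other"},
}

def add_exclusion(existing, attr="Extension-Attribute-11", value="netiq"):
    """Wrap an existing CA filter so objects with attr=value no longer match."""
    return f"(&(!({attr}={value})){existing})"

def _skip(s, i):
    i += len(s[i:]) - len(s[i:].lstrip())      # step over whitespace
    if i >= len(s):
        raise ValueError("filter ends early: unbalanced parentheses")
    return i

def _parse(s, i):
    """Parse one parenthesised term at s[i]; return (node, index after it)."""
    i = _skip(s, i)
    if s[i] != "(":
        raise ValueError(f"expected '(' at position {i}")
    i = _skip(s, i + 1)
    if s[i] in "&|!(":   # "(" = redundant wrapper parens, treated as a one-term AND
        op, i = ("&", i) if s[i] == "(" else (s[i], i + 1)
        kids = []
        while s[(i := _skip(s, i))] != ")":
            kid, i = _parse(s, i)
            kids.append(kid)
        return (op, kids), i + 1
    attr, sep, value = s[i:(end := s.index(")", i))].partition("=")
    if not sep:
        raise ValueError("term is not attr=value")
    return ("=", attr.strip().lower(), value.strip().lower()), end + 1

def matches(node, entry):
    if node[0] == "=":                         # case-insensitive compare (assumption)
        return entry.get(node[1], "").lower() == node[2]
    results = [matches(kid, entry) for kid in node[1]]
    return {"&": all(results), "|": any(results), "!": not any(results)}[node[0]]

def replicated(filter_text, entries=SAMPLE):
    tree, end = _parse(filter_text, 0)
    if filter_text[end:].strip():
        raise ValueError("text after the closing parenthesis")
    return [name for name, attrs in entries.items() if matches(tree, attrs)]
```

Calling `replicated(ARTICLE_FILTER)` returns only the entries whose Custom Attribute 11 is not "netiq"; a value with a missing or extra parenthesis raises `ValueError` instead of being accepted.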


This ADC CA LDAP filter and any related documentation is provided "AS IS," and NetIQ makes no warranties with respect to it, or its use or operation.  NetIQ has no responsibility for any impact arising from your use of the scripts provided.  The ADC LDAP filter should be fully tested in a lab environment before using in any production environment.  Please do not use this filter until you are completely satisfied that it will work based on your complete testing matrix within a lab environment.

Additional Information

Formerly known as NETIQKB4448