SharePoint Online FIM Filters
Topic Last Modified: 2013-05-29
In Microsoft SharePoint 2007, user profile synchronization was managed using the Lightweight Directory Access Protocol (LDAP) available in Microsoft Office SharePoint Server (MOSS). The LDAP filter is inclusive, so LDAP queries must be defined to explicitly include the profiles that will be included in the profile store.
A new technology is available for use in SharePoint Online called Forefront Identity Manager (FIM). Contrary to the LDAP filter, the FIM filter is exclusive, so that all user objects and groups within the connected container that do not meet the FIM exclusion criteria are imported when creating the profile import connections.
In addition, FIM filters can be used in either of two varieties:
User filters – Sort profiles by individual user attributes.
Group filters – Sort profiles by the security groups to which they belong.
By using the FIM filter, customers can use the combination of group attributes and user attributes to effectively eliminate directory objects from being imported.
This topic outlines the configuration options for User Profile Import Connection. It attempts to demonstrate how to configure FIM filters by giving examples which address some real world business requirements as well as comparing import scenarios using the existing 2007 LDAP Filter and the FIM filter in SharePoint 2010.
The following subjects are covered:
How the LDAP filter in MOSS 2007 is different from FIM in SharePoint 2010
How to add multiple forests/domains to the profile imports
How to apply user and group filters with examples
Best practices / lessons learned