I was wondering if it would be possible to exclude these AD user profiles during the profile import in SharePoint. After a little search, I found the solution to obtain this.
You need to go to your SharedServiceProvider (from within the Central Administration). Navigate to 'User Profile and Properties' > 'Manage Connections'.
Here you will find the field called 'User filter'. The content will look like this (which is default):
Between '(&' and the last ')' (let's say the filter placeholder) you can add the fields you want to filter on. Add the following string just after the last field filter to exclude those user accounts that are disabled in AD:
(!userAccountControl:1.2.840.113556.1.4.803:=2)
So the entire string will be like this:
(&(objectCategory=Person)(objectClass=User)(!userAccountControl:1.2.840.113556.1.4.803:=2))
If you also want to include only those user accounts where (e.g.) the company name is filled in, you need to include (company=*). In reverse, if you want to exclude those that have a company name, just place an exclamation mark right before company: (!company=*). The 'include' version will then look like this:
(&(objectCategory=Person)(objectClass=User)(company=*)(!userAccountControl:1.2.840.113556.1.4.803:=2))
An easy way to figure out how to create your own filter syntax (like company starts with 'bla') is to build a query inside AD, which will show you the correct syntax.
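To check which accounts these filters let through, the following added example (not part of the original post) evaluates them in Python against constructed directory entries, and shows why the bitwise-AND rule is used instead of comparing userAccountControl to 514. The small parser, the USERS list, the helper names and the simplified single-valued attributes are assumptions made for illustration.

```python
import re

BIT_AND = "1.2.840.113556.1.4.803"  # AD bitwise-AND matching rule; bit 2 = account disabled

def leaf(text):
    # Either attr=value or attr:<matching rule OID>:=value
    attr, rule, value = re.fullmatch(r"(\w+)(?::([\d.]+):)?=(.*)", text).groups()
    return ("leaf", attr.lower(), rule, value)

def parse(f, i=0):
    """Parse the filter item opening at f[i]; return (node, index after it)."""
    op = f[i + 1]
    if op in "&|":
        kids, i = [], i + 2
        while f[i] == "(":
            node, i = parse(f, i)
            kids.append(node)
        return (op, kids), i + 1
    if op == "!" and f[i + 2] == "(":      # RFC 4515 form: (!(item))
        node, j = parse(f, i + 2)
        return ("!", node), j + 1
    j = f.index(")", i)
    if op == "!":                          # shorthand used on this page: (!item)
        return ("!", leaf(f[i + 2:j])), j + 1
    return leaf(f[i + 1:j]), j + 1

def matches(node, entry):
    if node[0] in ("&", "|"):
        hits = [matches(kid, entry) for kid in node[1]]
        return all(hits) if node[0] == "&" else any(hits)
    if node[0] == "!":
        return not matches(node[1], entry)
    _, attr, rule, value = node
    have = entry.get(attr)
    if rule == BIT_AND:                    # true when every bit of value is set
        return have is not None and int(have) & int(value) == int(value)
    return have is not None and (value == "*" or str(have).lower() == value.lower())

# Constructed sample entries (simplified: single-valued attributes, lower-case keys).
BASE = {"objectcategory": "person", "objectclass": "user"}
USERS = [
    dict(BASE, name="alice", useraccountcontrol=512, company="Contoso"),
    dict(BASE, name="bob", useraccountcontrol=514, company="Contoso"),      # disabled
    dict(BASE, name="carol", useraccountcontrol=66050, company="Contoso"),  # disabled + password never expires
    dict(BASE, name="dave", useraccountcontrol=66048),                      # enabled, no company
]

def imported(filter_text):
    tree, _ = parse(filter_text)
    return [u["name"] for u in USERS if matches(tree, u)]
```

With these entries, an equality test on 514 would still import carol, whose disabled bit is combined with another flag; the bitwise rule excludes her.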