LDAP record synchronization

Administrators can synchronize inactive, disabled, or deleted LDAP records with their LDAP records. LDAP record synchronization is the process of detecting inactive records on the LDAP server and updating the corresponding LDAP records.

Detecting inactive LDAP records involves defining consistent data indicators for each user object, importing LDAP data, and evaluating the data indicators. A data indicator can be:

- a date field
- membership in a specific OU (identified by parsing the dn attribute)
- the useraccountcontrol attribute
- a combination of these indicators

Imported data comes into the instance through import set tables, where the data can be evaluated and processed. The import process can use:

- LDAP extraction: a single import job to gather all user records into the import set temporary tables for evaluation
- LDAP refresh filters: multiple import jobs to divide different types of user records, segregating records for separate processing

LDAP refresh filters
Filters on the LDAP refresh process can be used to specify processing that ignores inserts of disabled users.

LDAP extraction
An LDAP extraction process can be implemented to detect disabled users.

Inactive LDAP user accounts
Detect that an existing, current user account is inactive or has been disabled or deleted from an Active Directory (AD) LDAP.

LDAP script examples
The following script examples assume you use an Active Directory (AD) for your LDAP server.
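
The indicator evaluation described above, as an added example in plain JavaScript; it is not one of the product's own scripts. The row field names, the use of accountExpires as the date field, and the OU list are assumptions.

```javascript
// Added example. Row field names (dn, useraccountcontrol, accountexpires) are assumptions.
const UAC_ACCOUNTDISABLE = 0x2;                    // AD userAccountControl ACCOUNTDISABLE bit
const FILETIME_TO_UNIX_MS = 11644473600000n;       // ms from 1601-01-01 to 1970-01-01
const NEVER_EXPIRES = 0x7fffffffffffffffn;         // AD "never expires" sentinel

// Split a DN into RDNs, keeping backslash-escaped commas inside the value.
function splitDn(dn) {
  const parts = [];
  let cur = '';
  for (let i = 0; i < dn.length; i++) {
    const ch = dn[i];
    if (ch === '\\' && i + 1 < dn.length) cur += ch + dn[++i];
    else if (ch === ',') { parts.push(cur.trim()); cur = ''; }
    else cur += ch;
  }
  if (cur.trim()) parts.push(cur.trim());
  return parts;
}

// OU names from the DN, lower-cased, nearest container first.
function ouPath(dn) {
  return splitDn(dn).filter(r => /^ou=/i.test(r)).map(r => r.slice(3).toLowerCase());
}

// accountExpires counts 100 ns ticks since 1601-01-01 UTC; 0 and 2^63-1 mean "never".
function isExpired(accountExpires, now) {
  const ticks = BigInt(accountExpires || 0);
  if (ticks === 0n || ticks === NEVER_EXPIRES) return false;
  return ticks / 10000n - FILETIME_TO_UNIX_MS <= BigInt(now.getTime());
}

// Returns every indicator that fired for one imported row; an empty list means none fired.
// disabledOus holds lower-case OU names (hypothetical, site-specific).
function inactiveReasons(row, disabledOus, now) {
  const reasons = [];
  const uac = parseInt(row.useraccountcontrol, 10);
  // A missing or unparsable value is surfaced rather than read as "enabled".
  if (Number.isNaN(uac)) reasons.push('uac-missing');
  else if (uac & UAC_ACCOUNTDISABLE) reasons.push('uac-disabled');
  if (ouPath(row.dn || '').some(ou => disabledOus.includes(ou))) reasons.push('disabled-ou');
  if (isExpired(row.accountexpires, now)) reasons.push('expired');
  return reasons;
}

// Constructed sample rows, not real directory data.
const sampleRows = [
  { dn: 'CN=Ann Lee,OU=Staff,DC=example,DC=com', useraccountcontrol: '512', accountexpires: '0' },
  { dn: 'CN=Doe\\, Jane,OU=Disabled Users,DC=example,DC=com', useraccountcontrol: '514' },
];
```

The escape-aware DN split matters for the OU indicator: a naive split on commas would read text after an escaped comma in a CN as a separate RDN and could misplace the user.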