
LDAP synchronization with multiple OU

Nov 01, 2016 at 08:06 PM




We have set up the integration between ECC EHP7 and the Microsoft Active Directory system to create the users in SAP. In our AD, we have more than 40 OUs with more than 900 users. In transaction code LDAP, we have created a separate LDAP server for each OU of AD. A total of 40 LDAP servers are created in the LDAP transaction code.

In our organization, out of 900 total users approximately 300 users are the active members of SAP. In Active Directory we have created a group as SAPERP and added the required 300 users in the SAPERP group.

When we try to fetch the users through report RSLDAPSYNC_USER, all the users which are present in the OU are created in SAP. We want to restrict the user creation and want to fetch only the users which are members of the SAPERP group.

I have scheduled a background job which runs daily and synchronizes with AD. The job contains all the 40 OUs. If I delete any user from SU01, then the next day the deleted user will be created back in SAP.

1. In Active Directory a new user is created as SAPTEST1 in OU=MOM. This user is not part of SAPERP group of AD.
2. When we call the RSLDAPSYNC_USER report, the user SAPTEST1 will also get created.

Has anybody faced this type of issue? Thanks in advance.




0 Answers