Hi Chudleigh,

In AD make a new group for X3 users and all the users to that group.  Then in X3 sync on the base group and add the X3 group as a filter.

Hi Chudleigh,

In AD make a new group for X3 users and all the users to that group.  Then in X3 sync on the base group and add the X3 group as a filter.

```

Root (internal.falsesage.com)

- Microsoft OU (multiple).

-- Guest

-- Administrator

- sagex3 (OU)

-- SageX3Users (Group) <---- Added all the users to be added to Sage X3 here.

- OU-SageAsia (OU)

-- OU-A-TC (OU)

--- U-OU-A-TC-J (User)

- OU-SageUS

-- OU-US-TC (OU)

--- U-OU-US-TC-M (User)

- OU-Test

-- G-OU-TEST-TC (Group)

-- U-OU-TEST-chunheng (User)

```

Using this as reference: https://serverfault.com/a/686973

Search base need to be set as root location due to the AD setup (if set to a lower level and group was on a separate OU from root, ldap cannot see it exist):

For sync search filter:

If `Users belonging to known groups` was enabled, it will add the whole `Administration > Groups` with LDAP sync path into the search filter, which I do not want since it is extremely verbose.

Additional note:

I have updated the search filter since I was having LDAP authentication issues (too much matching user; search filter not set correctly) as so per:  How to setup LDAP for V7 and later?