NetIQ Identity Manager 4.0.1 AE / Windows Server 2008 R2 64-bit
eDirectory 8.8 SP6 64-bit / Windows Server 2008 R2
Active Directory Identity Manager driver with Remote Loader. (Subscriber-only)

I have a IDM job which does query the users from the Active Directory driver from within a specified target subtree. The Query token is working fine, but it returns ALL the users as (nodeset) and not the ones that I wish to return hence
i parse all the node-sets results back and choose the ones i want using "if-statements" thus making my query process very long & slow...

What i want is : Query all the users from the Active Directory within specific subtree whose displayName is empty or not present, the eq: LDAP filter (|(!(displayName=*))(displayName="")), return attributes: CN,sAMAccountName,displayName,lastLogon

I see that Query token support Match Option, but DOES NOT see if it supports "NOT-MATCH" or "NOT-PRESENT" options.

I have tried fullName Match="" , but it returns all the nodesets anyhow.

LDAP ECMASCRIPT is not usefuly, since the AD driver is running with remoteloader and there is not firewall openings on tcp 389 between IDM engine and AD.


Any Help from IDM Experts here? or Sample Code?


-M.