This section describes the AD Object browser, which you use to select a Directory object when defining an AD Mapping rule, in more detail.

The left pane of the AD Object browser is where you determine the scope of your search. It displays an AD tree with “[All Domains]” at the top of the tree and then shows the contents of the tree in standard browser format, with +/- buttons at each node that contains other objects so that you can collapse or expand the tree at that point.

The right pane has a description of what you are searching for, based on the “Relationship” value you entered in the Active Directory Policy Rule parameters. When you click on a node in the tree on the left, all objects immediately under that node matching the “Relationship” (e.g., “OUs and domains”) appear in the right pane. You click on an object in the right pane to select it and enter it in the Rule Parameters panel.

Object Search Depth

In the upper right area of the browser, there is a checkbox labeled “Deep”. When you check the Deep box and click Go, this results in a multi-level search that examines not just the immediate contents of the selected node but the contents of any nodes inside it, regardless of how many layers deep they are.

The AD object browser showing the Deep search results

Object String Match

Another option in the AD Object browser is searching by string match. If you enter a string of characters in the box immediately to the left of the “Deep” checkbox, you can search for AD objects in the selected node that start with, end with, or contain the string. You make the choice of how to use the string via the dropdown menu to the left of the text box. For example, enter “eng” in the text box and then search for “group names that contain” the string.

The AD object browser showing the string search