AD Sync - Excluding Computers

4/26/2018

If you sync computers from AD into PDQ Inventory then you may have wondered how you can exclude certain computers from syncing over. You can accomplish this a few ways.

Sync Only What You Need

Example One: You only need to collect inventory for computers in the Workstations organizational unit (OU), located at deadwood/Deadwood Computers/Workstations.


In your AD Sync pane in Preferences, click the Include Container button. Select the Deadwood domain and navigate to the Workstations OU. If you want to include machines in any sub-collection, check the "Include Sub-tree" option.


This is what your AD Sync preferences would look like after making this entry.



Exclude What You Don't Need

OK, but what if you want to sync ALL computers under the Workstations OU except for computers in one specific sub-OU? In that case you would simply mark this sub-OU as an Exclude Container. The process is the same as outlined above, except you click the Exclude Container button and navigate to the OU. Be aware of the "Include Sub-tree" option as well.

Here is an example of us excluding computers in the FIP Encrypted OU (which is under Workstations).



OK, that's fine, but what about this scenario? You need to sync all computers under Workstations EXCEPT a few computers, and these computers are NOT in their own OU. Well, you cannot exclude specific computers, but you can exclude computers that are members of specific AD groups. Create a security group in Active Directory Users and Computers (not part of PDQ Inventory).


Save and then open your new AD Group. Click the Add button. Make sure that Computers is listed in available Object Types.

Enter the names of the computers you want to exclude.


In your AD Sync Preferences push the Exclude Container button and select the new AD Group (Exclude From Inventory).
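
The group steps above can also be done from PowerShell. This is an added example, not part of the original article or PDQ's own tooling. It assumes the RSAT ActiveDirectory module, a Global security group created in the default container, and constructed computer names. It ends by listing the group's members, since every computer in this group drops out of inventory and the list should be reviewed periodically.

```powershell
# Added example: requires the RSAT ActiveDirectory module and rights to manage groups.
Import-Module ActiveDirectory

$GroupName = 'Exclude From Inventory'   # group name used in this article
# Constructed sample names; replace with the computers you want to exclude.
$ComputerNames = @('WKS-EXAMPLE-01', 'WKS-EXAMPLE-02')

# Create the security group only if it does not exist yet.
# Assumption: Global scope, default container (no -Path given).
$group = Get-ADGroup -Filter "Name -eq '$GroupName'"
if (-not $group) {
    $group = New-ADGroup -Name $GroupName -GroupScope Global -GroupCategory Security `
        -Description 'Computers excluded from PDQ Inventory AD Sync' -PassThru
}

# Distinguished names already in the group, so re-runs do not fail on duplicates.
$current = @(Get-ADGroupMember -Identity $group |
    Select-Object -ExpandProperty distinguishedName)

# Resolve each name to a computer account; warn on names that do not exist.
$toAdd = foreach ($name in $ComputerNames) {
    $computer = Get-ADComputer -Filter "Name -eq '$name'"
    if (-not $computer) {
        Write-Warning "No computer account named '$name'"
        continue
    }
    if ($current -notcontains $computer.DistinguishedName) { $computer }
}
if ($toAdd) { Add-ADGroupMember -Identity $group -Members $toAdd }

# List the computers now excluded from inventory, for review.
Get-ADGroupMember -Identity $group |
    Where-Object objectClass -eq 'computer' |
    Sort-Object Name |
    Select-Object Name, distinguishedName
```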