Hi,
I have an AD with about 10,000 users. At the moment they've all been imported into SharePoint 2013, using "AD Import" (no LDAP filter, targeted at the User container), so we have about 10,000 profile entries. About 2,000 people have actually clicked through and triggered creation of a MySite.
We want to change access so that only people in a specific AD group get access to SharePoint, for a few years. Once they no longer use it, they will be removed from the AD group, and we want their MySite to be automatically deleted. Their AD account itself stays.
I thought the answer would be to add an LDAP filter to our SharePoint AD Import config, looking at "memberof". However, this does not *reduce* the number of imported profiles to match the AD group membership, and does not delete the old users MySites, as I would expect. In fact it doesn't seem like anything we put into the LDAP filter box reduces the number of profiles/mysites (I even ran a really simple one on test lab (sn=Smith) but nothing changes!).
Am I misunderstanding how this works? How can I achieve what I need to do?
Best Regards, Mark