Hi Madhan
I have played around with importad.sas but only for the purposes of experimentation in a Lev2 environment. We also don't have Employee ID. samaccountname or distinguishedName are options: samaccountname is the recommended alternative because in some establishments users get put into different OUs. I used distinguishedName because that doesn't happen with us, and our users sometimes get their user IDs changed (different prefixes for different types of user). Even so, distinguishedName can also change if someone has a change of name. It's one (minor) reason why I decided not to take it beyond the experimentation into Lev1.
It's worth reading in detail the KB referenced by @Kurt_Bremser, and the appropriate appendix in the Intelligence Platform Security Administration Guide referred to in that. Also, the comments in importad.sas are very useful too.
Regarding the filters, I think they will depend on your own AD structure. Mine subsetted the LDAP queries by the initial letter of users' DisplayNames to stop each query timing out in AD (might be the default, can't remember), and only returned groups with a specific prefix (related to users' permissions on the SAS server). But if nothing is getting returned it might be that you need to check the values of the ADPerBaseDN and ADGrpBaseDN macro variables initialised at the beginning. These specify where in the LDAP hierarchy searches for people and groups begin.
Hope this helps.
... View more
