HOW TO: Match all users from a Organizational Unit (OU) to an Internal User Policy with PGP Universal Server 2.10 through 2.12


Article ID: 180238


Updated On:


Symantec Products




This article describes how to search for regular expressions for Directory Synchronization on PGP Universal Server 2.10 through 2.12.  For information on Grouping based on OU for PGP Universal Server 3.0 and above, please see the following KB:


PGP Universal Sever allows administrators to use regular expressions (regex) to match attributes for user groups on the server.

If the user object you want to specify for an Internal User Policy is located in OU=OrgUnit,DC=pgptest,DC=dom you need to use the following attributes:

Attribute: distinguishedName
Value: /^.+,OU=OrgUnit,DC=pgptest,DC=dom$/



/ Specifies the beginning and ending of the expression which provides the PGP Universal Server the information that this is not an exact match but a Regex match.
^ Defines the beginning of the string.
.+ Specifies that any number but at least one character can be at this location.
,OU=OrgUnit,DC=pgptest,DC=dom Signifies that this string must be present in the value.
$ Specifies this is the end of the string.

Therefore the regex attribute search ' /^.+,OU=OrgUnit,DC=pgptest,DC=dom$/ ' matches all strings that end with the the string ',OU=OrgUnit,DC=pgptest,DC=dom' and have at least one character before this string.