Active Directory LDAP User Search Filter - Filter out memberOf specific group(s)

Yes, hopefully this helps you and others. The method that we needed to use was the User List Filter along with the User Listing Base and User Search Filter. It helps to get the DistinguishedName of the path to the OU you want to use (like Sysinternals AD Explorer). I will describe the filter strings below.

#Use to narrow down which Organizational Units to search for. The more you use, the faster the audit roles will be. Being too broad can make it slower. To do this you combine your OUs separately with parentheses.
User Listing Base: (OU=SomeOU,DC=Domain,DC=com)(OU=SomeOtherOU,DC=Domain,DC=com)(OU=YetAnotherOU,DC=Domain,DC=com)

#This was the most important and needed help from IA support.
User List Filter: (&(objectCategory=person)(objectClass=user)(!(objectClass=computer))(|(memberOf=CN=YourOUGroup,OU=Security Groups,OU=SubsubFolderOU,OU=SubFolderOU,OU=MainOU,DC=Domain,DC=com)))

#Left this as default.
User Search Filter: (&(objectClass=user)(sAMAccountName={0}))

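The two filters from the post, rebuilt programmatically as an added example (not the poster's code or the product's own): it assembles the memberOf OR-list from any number of group DNs and escapes values per RFC 4515, so that whatever the application substitutes for `{0}` cannot widen the sAMAccountName lookup into a filter injection. The group DNs and the sample login name are constructed placeholders.

```python
"""Build the AD user filters shown in the post, escaping values per RFC 4515.

Added example; group DNs and sample inputs below are constructed placeholders.
"""

# RFC 4515 section 3: these characters must be escaped inside an assertion value.
_LDAP_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_filter_value(value: str) -> str:
    """Escape a value before embedding it in an LDAP search filter."""
    return "".join(_LDAP_ESCAPES.get(ch, ch) for ch in value)


def build_user_list_filter(group_dns: list[str]) -> str:
    """User List Filter: person/user objects, not computers, member of any listed group."""
    if not group_dns:
        raise ValueError("at least one group DN is required")
    member_terms = "".join(f"(memberOf={escape_filter_value(dn)})" for dn in group_dns)
    return (
        "(&(objectCategory=person)(objectClass=user)(!(objectClass=computer))"
        f"(|{member_terms}))"
    )


def build_user_search_filter(sam_account_name: str) -> str:
    """User Search Filter with {0} replaced by an escaped sAMAccountName."""
    template = "(&(objectClass=user)(sAMAccountName={0}))"
    return template.format(escape_filter_value(sam_account_name))


if __name__ == "__main__":
    groups = ["CN=YourOUGroup,OU=Security Groups,OU=MainOU,DC=Domain,DC=com"]  # placeholder DN
    print(build_user_list_filter(groups))
    # A crafted login name is neutralised instead of matching every user object.
    print(build_user_search_filter("*)(objectClass=*"))
```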