You're right. Perhaps I wasn't clear enough or perhaps my broken English got in the way. I do not want to create another identity for those that do not match.

Let me exemplify. I get users from HR. I get the same users from AD but I also get service accounts and even terminated users from the same AD. Obviously I don't want a terminated user or a service account to be construed as an Identity, if anything it should be detected as an orphan account.

I could filter some of those accounts with an LDAP filter. But not all of them.

What I've seen in other Governance tools is a checkbox that reads 'This collector does not create Identities' or something to that effect. That's what I want. A collector that supplements missing information about an existing identity.