Datacrash Forum  


Exporting objects or attributes from Active Direct - 2006/05/12 08:27

A very handy tool for exporting virtually everything found in Active Directory (i.e. all readable information from the Schema) is ldifde.exe.

The default help output is this:
***********
General Parameters
==================
-i              Turn on Import Mode (The default is Export)
-f filename     Input or Output filename
-s servername   The server to bind to (Default to DC of logged in Domain)
-c FromDN ToDN  Replace occurences of FromDN to ToDN
-v              Turn on Verbose Mode
-j              Log File Location
-t              Port Number (default = 389)
-u              Use Unicode format
-?              Help

Export Specific
===============
-d RootDN       The root of the LDAP search (Default to Naming Context)
-r Filter       LDAP search filter (Default to "(objectClass=*)")
-p SearchScope  Search Scope (Base/OneLevel/Subtree)
-l list         List of attributes (comma separated) to look for
                in an LDAP search
-o list         List of attributes (comma separated) to omit from
                input.
-g              Disable Paged Search.
-m              Enable the SAM logic on export.
-n              Do not export binary values

Import
======
-k              The import will go on ignoring 'Constraint Violation'
                and 'Object Already Exists' errors
-y              The import will use lazy commit for better performance

Credentials Establishment
=========================
Note that if no credentials is specified, LDIFDE will bind as the currently
logged on user, using SSPI.

-a UserDN [Password | *]            Simple authentication
-b UserName Domain [Password | *]   SSPI bind method

Example: Simple import of current domain
    ldifde -i -f INPUT.LDF

Example: Simple export of current domain
    ldifde -f OUTPUT.LDF

Example: Export of specific domain with credentials
    ldifde -m -f OUTPUT.LDF
           -b USERNAME DOMAINNAME *
           -s SERVERNAME
           -d "cn=users,DC=DOMAINNAME,DC=Microsoft,DC=Com"
           -r "(objectClass=user)"
*************

Some notes:
To apply a filter, adjust (objectclass=*) to any attribute you want. If you are not sure about the syntax, use ADSI Edit (for example) to find it.
Example: To extract all users with a home folder on a particular server, type (homeDirectory=*servername*)

To extract just a few attributes of the objects, use the -l option and type the attribute names (comma separated). Example: to list just the cn and home folder of users, use -l cn,homeDirectory

Edit: if you would like to see just the 'DN' (top line), use "-l nothing" (without quotes)

To run a query against an entire forest, query a Global Catalog server and add -t 3268 (the port number for the GC) to the command line, and also enter the root domain.
For example:
ldifde -f Exportuser.ldf -s "Server1" -t 3268 -d "dc=rootdomain" -p subtree -r "(&(objectCategory=person)(objectClass=User)(givenname=*))" -l "cn,givenName,objectclass,sAMAccountName"
GPO adicted
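
An ldifde export is LDIF text: entries are separated by blank lines, long values are folded onto continuation lines that begin with a space, and non-ASCII or binary values are written as `attr:: <base64>`. The Python sketch below is an added example, not part of the original post; it parses an export shaped like one made with -l cn,homeDirectory and lists the users whose home folder is on a given server. The sample entries, the example.com names and the function names are constructed for illustration.

```python
import base64

def parse_ldif(text):
    """Parse LDIF text into a list of {attribute: [values]} dicts."""
    lines = []
    for raw in text.splitlines():
        # A line starting with one space continues the previous line.
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, current = [], {}
    for line in lines + [""]:        # the trailing "" flushes the last entry
        if not line.strip():         # a blank line ends an entry
            if current:
                entries.append(current)
                current = {}
            continue
        name, _, rest = line.partition(":")
        if rest.startswith(":"):     # "attr:: <base64>" (non-ASCII or binary)
            value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
        else:
            value = rest.strip()
        current.setdefault(name.lower(), []).append(value)
    return entries

def home_folders_on(entries, server):
    """Client-side, case-insensitive match like (homeDirectory=*server*)."""
    return [(e.get("dn", ["?"])[0], path)
            for e in entries
            for path in e.get("homedirectory", [])
            if server.lower() in path.lower()]

def _b64(s):
    return base64.b64encode(s.encode("utf-8")).decode("ascii")

# Constructed sample (invented names): one plain entry, one base64 + folded.
SAMPLE_LDIF = "\n".join([
    "dn: CN=Anna Berg,CN=Users,DC=example,DC=com",
    "changetype: add",
    "cn: Anna Berg",
    r"homeDirectory: \\FS01\home$\aberg",
    "",
    "dn:: " + _b64("CN=J\u00f6rg M\u00fcller,CN=Users,DC=example,DC=com"),
    "changetype: add",
    "cn:: " + _b64("J\u00f6rg M\u00fcller"),
    r"homeDirectory: \\FS02\home$\jmuel",
    " ler",
])
```

Calling `home_folders_on(parse_ldif(SAMPLE_LDIF), "fs02")` returns the decoded DN together with the unfolded path. Attribute names are lower-cased on parsing, so look them up as `homedirectory`.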