Skip to main content

LDIFDE (LDAP Data Interchange Format Directory Exchange)

LDIFDE (LDAP Data Interchange Format Directory Exchange)
A previous article described about CSVDE usage. This article will walk you through another tool LDIFDE (LDAP Data Interchange Format Directory Exchange), it is also a command prompt-based tool similar to CSVDE to export information from Active Directory.
LDIFDE and CSVDE both are the tools that can be used to export data from Active Directory, and for creating AD objects by using data presented in LDIF or CSV format. The exported data can be filtered
based on its location of the object, OU membership and object class, such as user, group or computer. While exporting exporting information (and exporting is what this article is about), you can also select what attributes should be exported, along with many other options.
Syntax
ldifde [-i] [-f FileName] [-s ServerName] [-c String1 String2] [-v] [-j Path] [-t PortNumber] [-d BaseDN] [-r LDAPFilter] [-p Scope] [-l LDAPAttributeList] [-o LDAPAttributeList] [-g] [-m] [-n] [-k] [-a UserDistinguishedName Password] [-b UserName Domain Password] [-?]
Here we have some scenarios to use LDIFDE or CSVDE:
  1. Adding a bulk lot of new users to Active Directory, complete with passwords.
  2. Modifying existing users or groups in Active Directory.
  3. Exporting Active Directory information.  We may want to modify attributes then import again.
  4. Changing schema information, for example adding email attributes.

Import With LDIFDE
When an administrator wants to import entries from a file into the active directory, [-i] in above syntax indicates the import switch, without this switch LDIFDE will just export information. To master importing user accounts, you must understand the LDAP attributes.  You can simply import the data with a command like this:
ldifde -i -f accounts.ldf -s server01
Export With LDIFDE
If you need to export OUs, users, and groups from an Domain, you can use below LDIFDE export command in the domain:
ldifde -f exportOU.ldf -s MyDC1 -d "dc=personal,dc=com" -p subtree -r "(objectCategory=organizationalUnit)" -l "cn,objectclass,ou"
If you need to export OUs, users, and groups from an entire forest, you may either run the above LDIFDE export commands against each domain in the forest, or alternatively, run the query once against the global catalog (GC). To do this, ensure that the domain controller that is specified by the -s switch is a GC, and additionally, specify the GC port using the -t switch. The GC port number is 3268.
ldifde -f exportusers.ldf -s MYDC1 -t 3268 -d "dc=personal,dc=com" -p subtree -r "(&(objectCategory=person)(objectClass=User)(givenname=*))" -l "cn,givenName,objectclass,sAMAccountName"
For More information on LDIFDE usage refer to MS KB 237677
Labels:

Comments

  1. AnonymousJune 8, 2013 at 7:56 PM

    This is my first time go to see at here and i am genuinely pleassant to read everthing at one place.
    EDI Provider

    ReplyDelete
  2. Security-OnlineNovember 24, 2016 at 8:09 PM

    As the exchange of useful information:
    Cloud computing offers your business many benefits. It allows you to set up what is essentially a virtual office to give you the flexibility of connecting to your business anywhere, anytime. With the growing number of web-enabled devices used in today's business environment (e.g. smartphones, tablets), access to your data is even easier. There are many benefits to moving your business to the cloud:data room

    ReplyDelete

Post a Comment

Appreciate your Feedbacks\Comments

Popular posts from this blog

About Hari Shanker

Thanks for visiting my site! My name is Hari Shanker, this is my weblog about various technical subjects. cloud computing and the occasional personal topics too. PROFESSIONAL INFORMATION I’ve been in the Information Technology field for more than 16 years, starting out with desktop support. Along the way, I worked as a systems administrator, Active Directory Specialist, Azure Specialist. Most recently, I was the Solution architect for Microsoft Azure at Rackspace. Currently, I work for Cognizant as a Principal Architect for Cloud Transformation & Solutioning. PERSONAL INFORMATION I live with my parents in the New Delhi area. Much of my time remains busy in my office and activities on various technical forums. During my leisure time, I love to spend time with Family & Friends and spend holidays on Hill stations. DISCLAIMER Any views or opinions expressed here are strictly my own. I am a blogger who works for an organization/company, I am not an organiz...
3 comments
Read more

Troubleshooting Memory Leak on Domain Controller in Lsass.exe Process

What is a memory leak? Application codes require that some amount of memory to be allocated, for storing values that will be worked with, and then deallocated when the code is finished working with them. This is a concern to Active Directory administrator because we don’t always have full control over all of the code which runs in our environment. Sometimes some applications have the specific problem of not being able to deallocate their memory usage when running on or against a domain controller, resulting in a memory leak. There can be memory leaks in either kernel or user mode but application derived memory leaks are by nature user mode leaks.
2 comments
Read more