Dump of user accounts

Guest

Is there a utility/command that anyone knows of for getting a dump of all the
user accounts and date created in a W2K domain? We need this for auditing
purposes.

Thanks
 
Paul Bergson

Ldifde


Ldifde
Creates, modifies, and deletes directory objects on computers running
Windows Server 2003 operating systems or Windows XP Professional. You can
also use Ldifde to extend the schema, export Active Directory user and group
information to other applications or services, and populate Active Directory
with data from other directory services.

Syntax
ldifde [-i] [-f FileName] [-s ServerName] [-c String1 String2] [-v] [-j
Path] [-t PortNumber] [-d BaseDN] [-r LDAPFilter] [-p Scope] [-l
LDAPAttributeList] [-o LDAPAttributeList] [-g] [-m] [-n] [-k] [-a
UserDistinguishedName Password] [-b UserName Domain Password] [-?]

Parameters
-i
Specifies import mode. If not specified, the default mode is export.
-f FileName
Identifies the import or export file name.
-s ServerName
Specifies the domain controller to perform the import or export operation.
By default, Ldifde will run on the domain controller on which Ldifde is
installed.
-c String1 String2
Replaces all occurrences of String1 with String2. This is generally used
when importing data from one domain to another and the distinguished name of
the export domain (String1) needs to be replaced with that of the import
domain (String2).
-v
Sets verbose mode.
-j Path
Sets the log file location. The default is the current path.
-t PortNumber
Specifies a LDAP port number. The default LDAP port is 389. The global
catalog port is 3268.
-d BaseDN
Sets the distinguished name of the search base for data export.
-r LDAPFilter
Creates an LDAP search filter for data export. For example, to export all
users with a particular surname, you can use the following filter -r
(&(objectClass=User)(sn=Surname))
-p Scope
Sets the search scope. Search scope options are Base, OneLevel, or
SubTree.
-l LDAPAttributeList
Sets the list of attributes to return in the results of an export query.
If this parameter is omitted, all attributes are returned.
-o LDAPAttributeList
Sets the list of attributes to omit from the results of an export query.
This is typically used when exporting objects from Active Directory and then
importing them into another LDAP-compliant directory. If attributes are not
supported by another directory, you can omit the attributes from the result
set using this option.
-g
Omits paged searches.
-m
Omits attributes that only apply to Active Directory objects such as the
ObjectGUID, objectSID, pwdLastSet and samAccountType attributes.
-n
Omits export of binary values.
-k
Ignores errors during the import operation and continues processing. The
following is a complete list of ignored errors:
a.. object is already a member of the group
b.. object class violation (meaning the specified object class does not
exist), if the object being imported has no other attributes
c.. object already exists
d.. constraint violation
e.. attribute or value already exists
f.. no such object
-a UserDistinguishedName Password
Sets the command to run using the supplied UserDistinguishedName and
Password. By default, the command will run using the credentials of the user
currently logged on to the network.
-b UserName Domain Password
Sets the command to run using the supplied UserName Domain Password. By
default, the command will run using the credentials of the user currently
logged on to the network.
-?
Displays the command menu.
Remarks
a.. When creating the import file to use with the Ldifde command, use a
changeType value to define the type of changes the import file will contain.
The following changeType values are available:

Value    Description
add      Specifies that new content is contained in the import file.
modify   Specifies that existing content has been modified in the import file.
delete   Specifies that content has been deleted in the import file.

The following is an example of an LDIF import file format using the add
value.

DN: CN=SampleUser,DC=DomainName
changetype: add
CN: SampleUser
description: DescriptionOfFile
objectClass: User
sAMAccountName: SampleUser

Examples
To retrieve only the distinguished name, common name, first name, surname,
and telephone number of the returned objects, type:

-l DistinguishedName, CN, GivenName, SN, Telephone

To omit the object GUID, type:

-o whenCreated, whenChanged, objectGUID

Formatting legend

Format                   Meaning
Italic                   Information that the user must supply
Bold                     Elements that the user must type exactly as shown
Ellipsis (...)           Parameter that can be repeated several times in a command line
Between brackets ([])    Optional items
Between braces ({}); choices separated by pipe (|). Example: {even|odd}
                         Set of choices from which the user must choose only one
Courier font             Code or program output


--

Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA

This posting is provided "AS IS" with no warranties, and confers no rights.
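
Added example (not part of the post above or of the Microsoft help text): a Python parser that turns an ldifde export, restricted with -l to sAMAccountName and whenCreated, into the account and creation-date listing the question asks for, handling folded lines and base64 ("::") values. The file name, domain DN, filter and sample records are assumptions constructed for illustration.

```python
import base64
from datetime import datetime, timezone

# Constructed sample of an export limited to the audit attributes, e.g.
#   ldifde -f users.ldf -d "DC=example,DC=com" -p SubTree
#     -r "(&(objectCategory=person)(objectClass=user))" -l "sAMAccountName,whenCreated"
# The domain, names and dates are made up. The third DN is base64-encoded
# ("dn::") because it contains a non-ASCII character.
B64_DN = base64.b64encode("CN=Jürgen,CN=Users,DC=example,DC=com".encode()).decode()
SAMPLE_LDIF = f"""\
dn: CN=Alice Example,CN=Users,DC=example,DC=com
changetype: add
whenCreated: 20040312141530.0Z
sAMAccountName: alice

dn: CN=Bob Example With A Long Display Name,OU=Contractors,OU=Staff,DC=exam
 ple,DC=com
changetype: add
whenCreated: 20030107090000.0Z
sAMAccountName: bob

dn:: {B64_DN}
changetype: add
whenCreated: 20050620113045.0Z
sAMAccountName: jurgen
"""


def parse_ldif(text):
    """Yield one dict per record: lower-cased attribute name -> list of values."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:   # folded line: continues the previous one
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    record = {}
    for line in lines + [""]:               # trailing "" flushes the last record
        if not line.strip():                # blank line ends a record
            if record:
                yield record
            record = {}
        elif not line.startswith("#"):      # skip comments
            name, _, value = line.partition(":")
            if value.startswith(":"):       # "attr:: <base64>" carries UTF-8 text
                value = base64.b64decode(value[1:]).decode("utf-8")
            record.setdefault(name.lower(), []).append(value.strip())


def parse_generalized_time(value):
    """'YYYYMMDDHHMMSS.0Z' (UTC GeneralizedTime) -> timezone-aware datetime."""
    return datetime.strptime(value[:14], "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)


def account_creation_report(ldif_text):
    """Return (sAMAccountName, created_utc, dn) tuples, oldest account first."""
    rows = []
    for rec in parse_ldif(ldif_text):
        if "samaccountname" in rec and "whencreated" in rec:
            rows.append((rec["samaccountname"][0],
                         parse_generalized_time(rec["whencreated"][0]),
                         rec["dn"][0]))
    return sorted(rows, key=lambda row: row[1])


if __name__ == "__main__":
    for name, created, dn in account_creation_report(SAMPLE_LDIF):
        print(f"{created:%Y-%m-%d %H:%M:%S}Z\t{name}\t{dn}")
```

Sorting by creation time puts the oldest accounts first, so recently created accounts appear at the end of the listing for review.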
 
Guest

Thanks, but will this work on a W2K server? There are no W2003 servers in
the environment.

 
Herb Martin

Yes. Both are LDAP servers and both support LDIFDE.exe.

It is in the System32 directory of both servers.

--
Herb Martin


 
ptwilliams

The problem with LDIFDE is it'll give you too much output ;-)

Use the script here - you'll need to tweak it to write what you want to a
file; but there's plenty of us here who can help with this if you're not a
scripter.

I'd pull distinguishedName and cn.

-- http://www.rlmueller.net/ADOSearchTips.htm


--

Paul Williams

http://www.msresource.net
http://forums.msresource.net


 
