export group using ldifde



can someone is my syntex correct or wrong ? i'm getting error connection
cannot be estanlished and error code 8224.. how should i resolve this ?

C:\>ldifde -f c:\group.ldf -s hbodc1 -d
DC=homebox,DC=com" -r "(objectClass=*)" -l "cn"
Connecting to "hbodc1"
The connection cannot be established
The error code is 8224
No log files were written. In order to generate a log file, please
specify the log file path via the -j option.

Cary Shultz [A.D. MVP]

Dr. Pepper,

It all depends on what you are trying to do. Let's just say that you have
the following OU structure:



OU=San Diego
OU=Los Angeles
OU=San Francisco

Let's say that there is a security group that resides in OU=Offices ( called
"Company" ) and that there is a security group in each of the sub-OUs ( in
the OU=San Diego the security group is called 'San Diego", in the OU=Los
Angeles the security group is called "Los Angeles", etc. ).

So, if you want to get the membership of each of the five groups you would
enter something like this:

c:\>ldifde -f c:\groups.ldf -s dc01.domain.com -t 389 -d
"OU=Offices,DC=Domain,DC=Com" -p subtree -r "(objectClass=group)" -l

This will bind to the DC named dc01.domain.com using the default port of
389. It will start its search at 'OU=Offices,DC=Domain,DC=Com' and look
only for objects that meet the requirements of the seach filter (
objectClass=group ). For each object that it finds it will return the value
of the three attributes that you have specified ( -l ).

So, it would find the group Company, San Diego, Los Angeles, San Francisco
and Oakland. For each of these five groups it would return the values for
the CN, groupType and member attributes

Is this clear?

Now, let's say that you want to do this for a specific group. Let's just
pick the Oakland group. You would enter something like this:

c:\>ldifde -f c:\oakland.ldf -s dc01.domain.com -t 389 -d
"CN=Oakland,OU=Oakland,OU=Offices,DC=Domain,DC=Com" -l

This is a little bit different. Since we are binding to the group directly
we do not really need to use any search filter ( the -r switch ). All we
really need to do is to specify the attributes for which you would like the

Does this make sense?

Cary W. Shultz
Roanoke, VA 24012
Microsoft Active Directory MVP


Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question