LDIFDE

[Guest]

Hi all

Is it possible to export all the objects in AD (I mean all like OU, Exchange objects - let me say what ever I see in AD Users and Computers snapin) and import it to another DC? After importing do I have to enable all the users? Can anybody give the command to export all the objects under AD Users and Computers snapin

Any KB articles, please advice

Thanks so much

 

[Jimmy Andersson [MVP]]

See this article on LDIFDE:

Using LDIFDE to Import and Export Directory Objects to Active Directory.
http://support.microsoft.com/default.aspx?scid=kb;en-us;237677

Regards,
/Jimmy
--
Jimmy Andersson, Q Advice AB
Microsoft MVP - Directory Services
---------- www.qadvice.com ----------

Hi all,

Is it possible to export all the objects in AD (I mean all like OU,

Exchange objects - let me say what ever I see in AD Users and Computers
snapin) and import it to another DC? After importing do I have to enable all
the users? Can anybody give the command to export all the objects under AD
Users and Computers snapin?

 

[Guest]

I tried this. But my containers and distribution listis not exported. Please advic

Thank
----- Jimmy Andersson [MVP] wrote: ----

See this article on LDIFDE

Using LDIFDE to Import and Export Directory Objects to Active Directory
http://support.microsoft.com/default.aspx?scid=kb;en-us;23767

Regards
/Jimm
--
Jimmy Andersson, Q Advice A
Microsoft MVP - Directory Service
---------- www.qadvice.com ---------

Hi all

Exchange objects - let me say what ever I see in AD Users and Computer
snapin) and import it to another DC? After importing do I have to enable al
the users? Can anybody give the command to export all the objects under A
Users and Computers snapin

 

[Cary Shultz [A.D. MVP]]

TTS,

If this is not showing any groups then I would suggest that one of three
things is happening:

1) you entered something incorrectly,
2) you simply did not find them,
3) you do not have any groups

I am sure that you probably did not find them...

Anyway, try this:

ldifde -f groups.ldf -s yourservername -t 389 -p subtree -r
"(objectClass=group)"

This should result in a file ( called 'groups.ldf' ). See what happens when
you do this.

HTH,

Cary

 

[Cary Shultz [A.D. MVP]]

TTS,

My mistake. In my haste I left off a switch. It should have been:

ldifde -f groups.ldf -s yourservername -t 389 -d "DC=yourdomain,DC=com" -p
subtree -r "(objectClass=group)"

Sorry.

Cary

 

[Cary Shultz [A.D. MVP]]

Well,

I am thinking that if I gave you one piece of the puzzle I might as well
give it all to you. Sorry for the multiple posts. Anyway, you can do this
for the computer accounts as well as the user accounts. This should give
you three .ldf files and if might be a bit easier for you. Here is the
syntax:

ldifde -f computers.ldf -s servername -t 389 -d "DC=yourdomain,DC=com" -p
subtree - r "(&(objectCategory=computer)(objectClass=user))

This will give you an .ldf file named 'computers.ldf' from which you can see
what computer accounts are in your domain.

ldifde -f users.ldf -s servername -t 389 -d "DC=yourdomain,DC=com" -p
subtree - r "(&(objectCategory=person)(objectClass=user))"

This will give you a third file named 'users.ldf' from which you can see
what user accounts are in your domain.


Just a hint: if you need only specific attributes to be listed in the
output files ( groups.ldf, computers.ldf and users.ldf ) then you can add
the -l switch ( that is the lower case letter 'L' ) at the end of each line
with the specific attributes that you want / need. Here are some examples:

================
ldifde -f groups.ldf -s yourservername -t 389 -d "DC=yourdomain,DC=com" -p
subtree -r "(objectClass=group)" -l "DN,mail,groupType,members"

This will give you the Distinguished Name, the e-mail address associated
with the group ( if applicable ), the type of group ( security /
distribution and local, global, universal ) and the members of that group.

================

ldifde -f computers.ldf -s servername -t 389 -d "DC=yourdomain,DC=com" -p
subtree - r "(&(objectCategory=computer)(objectClass=user)) -l
"DN,sAMAccountName,operatingSystem,operatingSystemVersion,operatingSystemSer
vicePack"

This will give you the Distinguished Name, the 'old stlye name', the
Operating System, the Operating System Version and the Operating System
Service Pack level.

These two examples are what I typically use. You may need / want other
attributes to be included in the output files.

HTH,

Cary

 

[Cary Shultz [A.D. MVP]]

TTS,

Sorry for the delayed response. I have been very busy. Please take a look
at the following links:

http://www.ietf.org/rfc/rfc2256.txt
http://www.ietf.org/rfc/rfc2798.txt
http://www.ietf.org/rfc/rfc2849.txt
http://support.microsoft.com/?id=237677

This should lead you down the right path.

Cary

Thanks so much. That's very useful.

I can't still figure the switches and attributes I have to use to export

certian data from AD. Could you advice me any KB articles or URL from where
I get more information about Object Class, Object Category ETC.

Thanks again


----- Cary Shultz [A.D. MVP] wrote: -----

Well,

I am thinking that if I gave you one piece of the puzzle I might as well
give it all to you. Sorry for the multiple posts. Anyway, you can do this
for the computer accounts as well as the user accounts. This should give
you three .ldf files and if might be a bit easier for you. Here is the
syntax:

ldifde -f computers.ldf -s servername -t 389 -d "DC=yourdomain,DC=com" -p
subtree - r "(&(objectCategory=computer)(objectClass=user))

This will give you an .ldf file named 'computers.ldf' from which you can see
what computer accounts are in your domain.

ldifde -f users.ldf -s servername -t 389 -d "DC=yourdomain,DC=com" -p
subtree - r "(&(objectCategory=person)(objectClass=user))"

This will give you a third file named 'users.ldf' from which you can see
what user accounts are in your domain.


Just a hint: if you need only specific attributes to be listed in the
output files ( groups.ldf, computers.ldf and users.ldf ) then you can add
the -l switch ( that is the lower case letter 'L' ) at the end of each line
with the specific attributes that you want / need. Here are some examples:

================
ldifde -f groups.ldf -s yourservername -t 389 -d "DC=yourdomain,DC=com" -p
subtree -r "(objectClass=group)" -l "DN,mail,groupType,members"

This will give you the Distinguished Name, the e-mail address associated
with the group ( if applicable ), the type of group ( security /
distribution and local, global, universal ) and the members of that group.

================

ldifde -f computers.ldf -s servername -t 389 -d "DC=yourdomain,DC=com" -p
subtree - r "(&(objectCategory=computer)(objectClass=user)) -l
"DN,sAMAccountName,operatingSystem,operatingSystemVersion,operatingSystemSer
vicePack"

This will give you the Distinguished Name, the 'old stlye name', the
Operating System, the Operating System Version and the Operating System
Service Pack level.

These two examples are what I typically use. You may need / want other
attributes to be included in the output files.

HTH,

Cary

"DC=yourdomain,DC=com" -p
subtree -r "(objectClass=group)" happens
when

 

[Cary Shultz [A.D. MVP]]

TSS,

The -r is not correct. Simply remove the (givenName=*) and everything
should be okay as far as the search filter parameter. However, the -l might
be missing some attributes and you might have included some attributes that
will not necessarily work. It looks like you are trying to get the members
of your security / distribution groups. You would need to do something
differently to do this. Based on your search filter you are going to get
your user account objects. If you want to include the group of which they
are members then you might want to include the 'memberOf' attribute in
your -l switch and get rid of the groupType and members.

HTH,

Cary

Getting error " Add error on line 1 : Object Class violation. The server

side error is : "The object class attribute must be specified" . I used this
command to export all the users, email address and group memberships.

ldifde -f exportuser0422.ldf -s ici-dc1 -d "dc=ici,dc=org" -p subtree -r

"(&(objectCategory=person)(objectClass=User)(givenname=*))" -l
"cn,givenName,mail,groupType,members"

Please advice and thanks so very much.

TTS
----- Cary Shultz [A.D. MVP] wrote: -----

TTS,

Sorry for the delayed response. I have been very busy. Please take a look
at the following links:

http://www.ietf.org/rfc/rfc2256.txt
http://www.ietf.org/rfc/rfc2798.txt
http://www.ietf.org/rfc/rfc2849.txt
http://support.microsoft.com/?id=237677

This should lead you down the right path.

Cary

Thanks so much. That's very useful.

export
certian data from AD. Could you advice me any KB articles or URL from where
I get more information about Object Class, Object Category ETC.

Thanks again
----- Cary Shultz [A.D. MVP] wrote: -----
Well,
I am thinking that if I gave you one piece of the puzzle I

might as
well

give it all to you. Sorry for the multiple posts. Anyway,

you can
do this

for the computer accounts as well as the user accounts. This

should

give
you three .ldf files and if might be a bit easier for you.

Here is
the

syntax: "DC=yourdomain,DC=com" -p
subtree - r "(&(objectCategory=computer)(objectClass=user))

which you
can see

what computer accounts are in your domain. "DC=yourdomain,DC=com" -p
subtree - r "(&(objectCategory=person)(objectClass=user))"

you can
see

what user accounts are in your domain.

listed in
the

output files ( groups.ldf, computers.ldf and users.ldf ) then

you can
add

the -l switch ( that is the lower case letter 'L' ) at the end

of
each line

with the specific attributes that you want / need. Here are

some

examples:
ldifde -f groups.ldf -s yourservername -t 389 -d "DC=yourdomain,DC=com" -p
subtree -r "(objectClass=group)" -l "DN,mail,groupType,members" associated
with the group ( if applicable ), the type of group ( security /
distribution and local, global, universal ) and the members of

that

group. "DC=yourdomain,DC=com" -p
subtree - r "(&(objectCategory=computer)(objectClass=user)) -l

"DN,sAMAccountName,operatingSystem,operatingSystemVersion,operatingSystemSer

name', the
Operating System, the Operating System Version and the

Operating

System
Service Pack level.

want

other
attributes to be included in the output files.