Ldifde

Creates, modifies, and deletes directory objects. You can also use ldifde to extend the schema, export user and group information to other applications or services, and populate Active Directory Lightweight Directory Services (AD LDS) with data from other directory services.

Syntax

ldifde [-i] [-f FileName] [-s ServerName] [-c String1 String2] [-v] [-j Path] [-t PortNumber] [-d BaseDN] [-r LDAPFilter] [-p Scope] [-l LDAPAttributeList] [-o LDAPAttributeList] [-g] [-m] [-n] [-k] [-a UserDistinguishedName Password] [-b UserName Domain Password] [-?]

Parameters

-i
Specifies import mode. If the import mode is not specified, the default mode is export.
-f FileName
Identifies the import or export file name.
-s ServerName
Specifies the computer on which to perform the import or export operation. By default, ldifde will run on the computer on which ldifde is installed.
-c String1 String2
Replaces all occurrences of String1 with String2. You generally use this when you import data from one domain to another and the distinguished name of the export domain (String1) must be replaced with the distinguished name of the import domain (String2).
-v
Sets verbose mode.
-j Path
Sets the log file location. The default is the current path.
-t PortNumber
Specifies a Lightweight Directory Access Protocol (LDAP) port number. The default LDAP port is 389. The global catalog port is 3268.
-d BaseDN
Sets the distinguished name of the search base for data export.
-r LDAPFilter
Creates an LDAP search filter for data export. For example, to export all users with a particular surname, you can use the following filter: -r (and(objectClass=User)(sn=SurName))
-p Scope
Sets the search scope. Search scope options are Base, OneLevel, or SubTree.
-l LDAPAttributeList
Sets the list of attributes to return in the results of an export query. If this parameter is omitted, all attributes are returned.
-o LDAPAttributeList
Sets the list of attributes to omit from the results of an export query. You typically use this when you export objects from Active Directory Domain Services (AD DS) and then import them into another LDAP-compliant directory. If attributes are not supported by another directory, you can omit the attributes from the result set using this option.
-g
Omits paged searches.
-m
Omits attributes that cannot be written, such as the ObjectGUID and objectSID attributes.
-n
Omits export of binary values.
-k
Ignores errors during the import operation, and continues processing. The following is a complete list of ignored errors:
  • Object is already a member of the group.

  • Object class violation (meaning that the specified object class does not exist) if the object being imported has no other attributes.

  • Object already exists.

  • Constraint violation.

  • Attribute or value already exists.

  • No such object.

-a UserDistinguishedName Password
Sets the command to run using the supplied UserDistinguishedName and Password. By default, the command will run using the credentials of the user who is currently logged on to the network. This option cannot be used with the -b option.
-b UserName Domain Password
Sets the command to run using the supplied UserName Domain Password. By default, the command will run using the credentials of the user who is currently logged on to the network. This option cannot be used with the -a option.
-?
Displays the command menu.

Remarks

  • With the -c parameter, you can use the constants #schemaNamingContext and #configurationNamingContext in place of the distinguished names of the schema directory partition and configuration directory partition.

  • When you create the import file to use with the ldifde command, use a changeType value to define the type of changes that the import file will contain. The changeType values in the following table are available.

    Value Description

    add

    Specifies that new content is contained in the import file.

    modify

    Specifies that existing content has been modified in the import file.

    delete

    Specifies that content has been deleted in the import file.

The following is an example of an LDAP Data Interchange Format (LDIF) import file format using the add value:

DN: CN=SampleUser,DC=DomainName

changetype: add

CN: SampleUser

description: DescriptionOfFile

objectClass: User

userPrincipalName: SampleUser

Examples

To retrieve only the distinguished name, common name, first name, surname, and telephone number of the returned objects, type:

-l DistinguishedName, CN, GivenName, SN, Telephone

To omit the globally unique identifier (GUID) for an object, type:

-o whenCreated, whenChanged, objectGUID

Formatting legend

Format Meaning

Italic

Information that you supply

Bold

Elements that you type exactly as shown

Ellipsis (...)

A parameter that can be repeated several times in a command line

Between brackets ([])

Optional items

Between braces ({}); choices separated by pipe (|). Example: {even|odd}

A set of choices from which you must choose only one

Courier font

Code or program output

Additional references