Using CSVDE and LDIFDE to Export Information from Active Directory Snapshots in Windows Server 2008

by Daniel Petri - December 17, 2008

As described in the previous articles in this series, Active Directory snapshots in Windows Server 2008 allow an administrator to create snapshots of the Active Directory database. By using them, you can view the data inside such a snapshot and use it to restore or inspect data without the need to start the server in Directory Services Restore Mode. These snapshots can be stored on the local hard disk of the Domain Controller (DC), or moved to an offline type of storage. You can read more about this topic on my "Working with Active Directory Snapshots in Windows Server 2008", "Automating the Creation of Active Directory Snapshots" and "Exporting Information from Active Directory Snapshots in Windows Server 2008" articles.

In order to remind you let me briefly go over the process of creating and using the AD snapshot:

  1. Either manually create or schedule a task that regularly runs NTDSUTIL to take snapshots of the volume that contains the AD DS database.
  2. Run NTDSUTIL to list the snapshots that are available, and mount the snapshot that you want to view.
  3. Run DSAMAIN to expose the snapshot volume as an LDAP server.

A previous article described how to use a GUI-based tool such as DSA.msc, LDP.exe or ADSIEDIT.msc to attach to the snapshot’s LDAP port that you specified when you exposed the snapshot as an LDAP server. This article will walk you through the steps of using 2 command prompt-based tools: LDIFDE and CSVDE to export information from within the snapshot.

LDIFDE and CSVDE are two tools that can be used to export data from Active Directory, and for creating Active Directory objects through the use of clean formatted data presented in LDIF or CSV format. The data that is exported can be filtered based on its location in the directory, OU membership and object class, such as user, group or computer. When exporting information (and exporting is what this article is about), you can also select what attributes should be exported, along with many other options.

In this article and for all the following examples I will use port 10389. I have also created an OU called "Dev" in my test domain, and placed a few users in it. I've created a snapshot, and afterwards I have made some changes on the Dev users in the live AD.

While both CSVDE and LDIFDE have almost the same syntax, here are some details about the relevant switches we're going to use for these examples. Note that there are many other options, however they are beyond the scope of this article.

  • The -f switch specifies the filename. For example: -f c:'test.csv or -f c:'test.ldf.
  • The -s switch specifies the server to connect to. For example: -s WIN2008-dc1.
  • The –t switch specifies the LDAP port to use. For example: -t 10389.
  • The -d switch allows you to focus the export on one particular object or OU.  For example, exporting just the "Dev" OU and not the entire Active Directory domain: -d "ou=dev,dc=petrilab,dc=local", or exporting the user "James" in the "Dev" OU: -d "cn=james,ou=dev,dc=petrilab,dc=local".
  • The -r switch allows you to filter based upon object class of any other LDAP-type filter. For example: -r "(objectClass=user)".
  • Also see the "LDAP Search Samples for Windows Server 2003 and Exchange 2000/2003" article for some examples.

  • The -l switch (lower case "L") specifies the attributes to export. For example: -l telephonenumber.

Using CSVDE.exe

This tool is a command line tool that allows exporting of virtually any object or attribute from the AD database (or snapshot in this case). CSVDE.exe exports the data into CSV-based (Comma Separated Value) files. This makes it easy for usage in Excel or with a text editor.

CSVDE does not work with passwords, so you cannot use it to export passwords from the database. Also, CSVDE does not allow the editing or deleting of existing objects, even though that is not a concern when exporting objects (unless you plan to import that information back to the live AD).

To use CSVDE.exe on an AD snapshot follow these steps:

  1. Log on as a member of the Domain Admins group to the Windows Server 2008 Domain Controller where you've mounted the AD snapshot.
  2. Click Start, in the search box type CMD and press Enter.

First, we'll export the data from the live AD database by running this command:

C:'Users'Administrator>csvde -d "cn=james,ou=dev,dc=petrilab,dc=local" -r 

"(objectClass=user)" -l telephonenumber -f c:'test.csv

Connecting to "(null)"

Logging in as current user using SSPI

Exporting directory to file c:'test.csv

Searching for entries...

Writing out entries.

Export Completed. Post-processing in progress...

1 entries exported



The command has completed successfully

Next, we will use the same command, this time to connect to the AD snapshot at port 10389:

C:'Users'Administrator>csvde -s WIN2008-dc1 -t 10389 -d "cn=james,ou=dev,dc=petrilab,dc=local" -r "(objectClass=user)" -l 

telephonenumber -f c:'testsnap.csv

Connecting to "WIN2008-dc1"

Logging in as current user using SSPI

Exporting directory to file c:'testsnap.csv

Searching for entries...

Writing out entries

.

Export Completed. Post-processing in progress...

1 entries exported



The command has completed successfully

Looking at the resulting files, we see the difference in the information:

See links below for detailed information about the usage of this command.

Using LDIFDE.exe

Like CSVDE.exe, this tool is a command line tool that allows exporting of virtually any object or attribute from the AD database (or snapshot in this case). LDIFDE.exe exports the data into LDIF-based (LDAP Data Interchange Format) files. LDIF files are a cross-platform standard. This provides a method to populate Active Directory with data from other directory services. Unlike CSV files, LDIF files cannot be used in Excel, but can be opened with a text editor.

One of the major benefits of LDIFDE over CSVDE is that you can modify existing objects and even delete objects with LDIFDE.  However, LDIFDE doesn’t support changing Group Membership, and like CSVDE, it does not work with passwords, so you cannot use it to export passwords from the database.

To use LDP.exe on an AD snapshot follow these steps:

  1. Log on as a member of the Domain Admins group to the Windows Server 2008 Domain Controller where you've mounted the AD snapshot.
  2. Click Start, in the search box type CMD and press Enter.

First, we'll export the data from the live AD database by running this command:

C:'Users'Administrator>ldifde -d "cn=james,ou=dev,dc=petrilab,dc=local" -r "(objectClass=user)" -l telephonenumber -f c:'test.ldf

Connecting to "WIN2008-DC1.petrilab.local"

Logging in as current user using SSPI

Exporting directory to file c:'test.ldf

Searching for entries...

Writing out entries.

1 entries exported



The command has completed successfully

Next, we will use the same command, this time to connect to the AD snapshot at port 10389:

C:'Users'Administrator>ldifde -s WIN2008-dc1 -t 10389 -d "cn=james,ou=dev,dc=petrilab,dc=local" -r "(objectClass=user)" -l 

telephonenumber -f c:'testsnap.ldf

Connecting to "WIN2008-dc1"

Logging in as current user using SSPI

Exporting directory to file c:'testsnap.ldf

Searching for entries...

Writing out entries.

1 entries exported



The command has completed successfully

Looking at the resulting files, we see the difference in the information:

See links below for detailed information about the usage of this command.

Restoring Information

You can take the information found in your exported files and manually insert them back to the Active Directory live database. This is ok for a couple of objects or attributes. However for a lot of restore action I would suggest resorting to either the DSCT tool described in my "Directory Service Comparison Tool" article, to regular restore functionality such as described in my "Manually Undeleting Objects in Active Directory" and "Recovering Deleted Items in Active Directory" articles, or to scripting the exported data and preparing it for importing into the live AD. More on that in a future article.

Links

Recent Windows Server 2008 Forum threads

Got a question? Post it on our Windows Server 2008 forums!



Join The Petri Insider - Weekly IT Tutorial and Tips, Whitepaper and Webinars