No announcement yet.

ldifde syntax

  • Filter
  • Time
  • Show
Clear All
new posts

  • ldifde syntax


    can someone point me in the right direction regarding the syntax to export ad groups using ldifde? (2k AD)

    I have exported and imported the ou's and users succesfully following a microsoft doc, but when I have done the groups it appears to export ok, and imports without error but no changes are made.

    This is the command I tried:-

    ldifde -f exportOu.ldf -s Server1 -d "dc=Export,dc=com" -p subtree -r "(objectCategory=group)" -l "cn,objectclass,group"

    it works for ou's but I'm sure I'm missing something for the groups

    Thanks in advance


  • #2
    Re: ldifde syntax

    try the following:

    ldifde -f c:\temp\Groups.ldf -p subtree -d DC=domain,DC=com -l cn,objectclass,group -r "(&(objectCategory=Group)(objectClass=Group)(|(gro upType=(groupType=4)(groupType=2)))" -j c:\temp

    replace the Smiley with the Number "8" & ")" if I put them 2gether it gives me a smiley - look at the same as (groupType=4)

    "groupType=8" - Universal groups
    "groupType=4" - Global groups
    "groupType=2" - Domain Local groups
    "grouptype=-2147483640" - Security Universal groups
    "grouptype=-2147483646" - Security Global groups
    "grouptype=-2147483644" - Security Domain Local groups

    for an example if you want to export only security groups and not Distribution groups.
    ldifde -f c:\temp\Groups.csv -p subtree -d "OU=OU,DC=domain,DC=com" -l cn,objectclass,group -r "(|(grouptype=-2147483640)(grouptype=-2147483646)(grouptype=-2147483644))" -j c:\temp

    you don't have to use the grouptype filter if you don't want, you could export every thing:
    -r "(&(objectCategory=Group)(objectClass=Group))"

    if you remove from the command line the attributes leaving it blank it will export everything
    ldifde -f c:\temp\Groups.ldf -p subtree -d DC=domain,DC=com -r "(&(objectCategory=Group)(objectClass=Group))" -j c:\temp

    but note that not every Attribute could be Imported

    I personally export everything/attributes that I like like this csvde/ldifde:
    csvde -f c:\temp\Groups.csv -p subtree -d DC=domain,DC=com -l sAMAccountName,objectClass,distinguishedName,cn,DN ,groupType,name,legacyExchangeDN,mailNickname,disp layName,proxyAddresses,managedBy,member,memberOf,t extEncodedORAddress,authOrig,authOrigBL,unauthOrig ,unauthOrigBL,altRecipient,altRecipientBL,deliverA ndRedirect,publicDelegates,publicDelegatesBL,deliv ContLength,extensionAttribute1,extensionAttribute2 ,extensionAttribute3,extensionAttribute4,extension Attribute5,extensionAttribute6,extensionAttribute7 ,extensionAttribute8,extensionAttribute9,extension Attribute10,extensionAttribute11,extensionAttribut e12,extensionAttribute13,extensionAttribute14,exte nsionAttribute15,adminDescription,info,description -r "(&(objectCategory=Group)(objectClass=Group)(|(gro upType=(groupType=4)(groupType=2)))" -j c:\temp

    ldifde -f c:\temp\Groups.ldf -p subtree -d DC=domain,DC=com -l sAMAccountName,objectClass,distinguishedName,cn,DN ,groupType,name,legacyExchangeDN,mailNickname,disp layName,proxyAddresses,managedBy, textEncodedORAddress,authOrig,authOrigBL,unauthOri g,unauthOrigBL,altRecipient,altRecipientBL,deliver AndRedirect,publicDelegates,publicDelegatesBL,deli vContLength,member,memberOf,extensionAttribute1,ex tensionAttribute2,extensionAttribute3,extensionAtt ribute4,extensionAttribute5,extensionAttribute6,ex tensionAttribute7,extensionAttribute8,extensionAtt ribute9,extensionAttribute10,extensionAttribute11, extensionAttribute12,extensionAttribute13,extensio nAttribute14,extensionAttribute15,adminDescription ,info,description -r "(&(objectCategory=Group)(objectClass=Group)(|(gro upType=(groupType=4)(groupType=2)))" -j c:\temp
    Last edited by Akila; 7th June 2008, 18:38.