Exporting From Active Directory With LDIFDE

If you have just setup a new server with Active Directory, the migration can be a real pain. There are some tools available, such as the Active Directory Migration Tool (ADMT), but there is also a great tool called LDIFDE.

LDIFDE is a fast and easy to use command line utility. With this tool you can export any part of Active Directory into a text file and you can specify which fields to include.

Here are some of the parameters you can use when exporting or importing with LDIFDE

General parameters:

-i Turn on Import Mode (The default is Export)
-f filename Input or Output filename
-s servername The server to bind to
-c FromDN ToDN Replace occurrences of FromDN to ToDN
-v Turn on Verbose Mode
-j Log File Location
-t Port Number (default = 389)
-? Help

Export parameters:

-d RootDN The root of the LDAP search (Default to Naming Context)
-r Filter LDAP search filter (Default to "(objectClass=*)")
-p SearchScope Search Scope (Base/OneLevel/Subtree)
-l list List of attributes (comma separated) to look for in an LDAP search.
-o list List of attributes (comma separated) to omit from input
-g Disable Paged Search
-m Enable the SAM logic on export
-n Do not export binary values

Some examples using LDIFDE

1) Export user accounts from the source domain:

ldifde -f outputfile.ldf -s Server1 -d "dc=Export,dc=com" -p subtree -r "(&(objectCategory=person)(objectClass=User)(givenname=*))" -l "cn,givenName,objectclass,samAccountName"

2) Basic Group Export

ldifde -f outputfile.ldf -s Server1 -d "dc=Export,dc=com" -p subtree -r "(&(objectCategory=group))" -l "cn,members"

As you can see above, the tool is very simple to use. It may take a few attempts to get the exact output you require so be prepared for a bit of trial and error.