Re: Dump of user accounts
From: Zman (Zman_at_discussions.microsoft.com)
Date: 12/17/04
- Next message: Lanwench [MVP - Exchange]: "Re: Can local accounts red group memberships on a W2K domain ?"
- Previous message: Ted Wood: "Re: PDC emulator lock up"
- In reply to: Paul Bergson: "Re: Dump of user accounts"
- Next in thread: Herb Martin: "Re: Dump of user accounts"
- Reply: Herb Martin: "Re: Dump of user accounts"
- Messages sorted by: [ date ] [ thread ]
Date: Fri, 17 Dec 2004 06:43:03 -0800
Thanks, but will this work on a W2K server? There are no W2003 servers in
the environment.
"Paul Bergson" wrote:
> Ldifde
>
>
> Ldifde
> Creates, modifies, and deletes directory objects on computers running
> Windows Server 2003 operating systems or Windows XP Professional. You can
> also use Ldifde to extend the schema, export Active Directory user and group
> information to other applications or services, and populate Active Directory
> with data from other directory services.
>
> Syntax
> ldifde [-i] [-f FileName] [-s ServerName] [-c String1 String2] [-v] [-j
> Path] [-t PortNumber] [-d BaseDN] [-r LDAPFilter] [-p Scope] [-l
> LDAPAttributeList] [-o LDAPAttributeList] [-g] [-m] [-n] [-k] [-a
> UserDistinguishedName Password] [-b UserName Domain Password] [-?]
>
> Parameters
> -i
> Specifies import mode. If not specified, the default mode is export.
> -f FileName
> Identifies the import or export file name.
> -s ServerName
> Specifies the domain controller to perform the import or export operation.
> By default, Ldifde will run on the domain controller on which Ldifde is
> installed.
> -c String1 String2
> Replaces all occurrences of String1 with String2. This is generally used
> when importing data from one domain to another and the distinguished name of
> the export domain (String1) needs to be replaced with that of the import
> domain (String2).
> -v
> Sets verbose mode.
> -j Path
> Sets the log file location. The default is the current path.
> -t PortNumber
> Specifies a LDAP port number. The default LDAP port is 389. The global
> catalog port is 3268.
> -d BaseDN
> Sets the distinguished name of the search base for data export.
> -r LDAPFilter
> Creates a LDAP search filter for data export. For example, to export all
> users with a particular surname, you can use the following filter -r
> (and(objectClass=User)(sn=Surname))
> -p Scope
> Sets the search scope. Search scope options are Base, OneLevel, or
> SubTree.
> -l LDAPAttributeList
> Sets the list of attributes to return in the results of an export query.
> If this parameter is omitted, all attributes are returned.
> -o LDAPAttributeList
> Sets the list of attributes to omit from the results of an export query.
> This is typically used when exporting objects from Active Directory and then
> importing them into another LDAP-compliant directory. If attributes are not
> supported by another directory, you can omit the attributes from the result
> set using this option.
> -g
> Omits paged searches.
> -m
> Omits attributes that only apply to Active Directory objects such as the
> ObjectGUID, objectSID, pwdLastSet and samAccountType attributes.
> -n
> Omits export of binary values.
> -k
> Ignores errors during the import operation and continues processing. The
> following is a complete list of ignored errors:
> a.. object is already a member of the group
> b.. object class violation (meaning the specified object class does not
> exist), if the object being imported has no other attributes
> c.. object already exists
> d.. constraint violation
> e.. attribute or value already exists
> f.. no such object
> -a UserDistinguishedName Password
> Sets the command to run using the supplied UserDistinguishedName and
> Password. By default, the command will run using the credentials of the user
> currently logged on to the network.
> -b UserName Domain Password
> Sets the command to run using the supplied UserName Domain Password. By
> default, the command will run using the credentials of the user currently
> logged on to the network.
> -?
> Displays the command menu.
> Remarks
> a.. When creating the import file to use with the Ldifde command, use a
> changeType value to define the type of changes the import file will contain.
> The following changeType values are available: Value Description
> add Specifies that new content is contained in the import file.
> modify Specifies that existing content has been modified in the
> import file.
> delete Specifies that content has been deleted in the import file.
>
> The following is an example of an LDIF import file format using the add
> value.
>
> DN: CN=SampleUser,DC=DomainName
>
> changetype: add
>
> CN: SampleUser
>
> description: DescriptionOfFile
>
> objectClass: User
>
> sAMAccountName: SampleUser
>
> Examples
> To retrieve only the distinguished name, common name, first name, surname,
> and telephone number of the returned objects, type:
>
> -l DistinguishedName, CN, GivenName, SN, Telephone
>
> To omit the object GUID, type:
>
> -o whenCreated, whenChanged, objectGUID
>
> Formatting legend
> Format Meaning
> Italic Information that the user must supply
> Bold Elements that the user must type exactly as shown
> Ellipsis (...) Parameter that can be repeated several times in a
> command line
> Between brackets ([]) Optional items
> Between braces ({}); choices separated by pipe (|). Example:
> {even|odd} Set of choices from which the user must choose only one
> Courier font Code or program output
>
>
> --
>
> Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA
>
> This posting is provided "AS IS" with no warranties, and confers no rights.
>
>
>
> "Zman" <Zman@discussions.microsoft.com> wrote in message
> news:1B2CD3AA-8A73-472A-B312-7E5472A64357@microsoft.com...
> > Is there a utility/command that anyone knows of for getting a dump of all
> the
> > user accounts and date created in a W2K domain? We need this for auditing
> > purposes.
> >
> > Thanks
>
>
>
- Next message: Lanwench [MVP - Exchange]: "Re: Can local accounts red group memberships on a W2K domain ?"
- Previous message: Ted Wood: "Re: PDC emulator lock up"
- In reply to: Paul Bergson: "Re: Dump of user accounts"
- Next in thread: Herb Martin: "Re: Dump of user accounts"
- Reply: Herb Martin: "Re: Dump of user accounts"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
