Re: Dump of user accounts

From: Herb Martin (news_at_LearnQuick.com)
Date: 12/17/04


Date: Fri, 17 Dec 2004 14:46:33 -0600

Yes. Both are LDAP servers and both support LDIFDE.exe.

It is in the System32 directory of both servers.

-- 
Herb Martin
"Zman" <Zman@discussions.microsoft.com> wrote in message
news:F7451968-7931-42D7-89A6-E170444F484D@microsoft.com...
> Thanks, but will this work on a W2K server?  There are no W2003 servers in
> the environment.
>
> "Paul Bergson" wrote:
>
> > Ldifde
> >
> >
> > Ldifde
> > Creates, modifies, and deletes directory objects on computers running
> > Windows Server 2003 operating systems or Windows XP Professional. You can
> > also use Ldifde to extend the schema, export Active Directory user and group
> > information to other applications or services, and populate Active Directory
> > with data from other directory services.
> >
> > Syntax
> > ldifde [-i] [-f FileName] [-s ServerName] [-c String1 String2] [-v] [-j
> > Path] [-t PortNumber] [-d BaseDN] [-r LDAPFilter] [-p Scope] [-l
> > LDAPAttributeList] [-o LDAPAttributeList] [-g] [-m] [-n] [-k] [-a
> > UserDistinguishedName Password] [-b UserName Domain Password] [-?]
> >
> > Parameters
> >   -i
> >   Specifies import mode. If not specified, the default mode is export.
> >   -f FileName
> >   Identifies the import or export file name.
> >   -s ServerName
> >   Specifies the domain controller to perform the import or export operation.
> > By default, Ldifde will run on the domain controller on which Ldifde is
> > installed.
> >   -c String1 String2
> >   Replaces all occurrences of String1 with String2. This is generally used
> > when importing data from one domain to another and the distinguished name of
> > the export domain (String1) needs to be replaced with that of the import
> > domain (String2).
> >   -v
> >   Sets verbose mode.
> >   -j Path
> >   Sets the log file location. The default is the current path.
> >   -t PortNumber
> >   Specifies a LDAP port number. The default LDAP port is 389. The global
> > catalog port is 3268.
> >   -d BaseDN
> >   Sets the distinguished name of the search base for data export.
> >   -r LDAPFilter
> >   Creates a LDAP search filter for data export. For example, to export all
> > users with a particular surname, you can use the following filter -r
> > (&(objectClass=User)(sn=Surname))
> >   -p Scope
> >   Sets the search scope. Search scope options are Base, OneLevel, or
> > SubTree.
> >   -l LDAPAttributeList
> >   Sets the list of attributes to return in the results of an export query.
> > If this parameter is omitted, all attributes are returned.
> >   -o LDAPAttributeList
> >   Sets the list of attributes to omit from the results of an export query.
> > This is typically used when exporting objects from Active Directory and then
> > importing them into another LDAP-compliant directory. If attributes are not
> > supported by another directory, you can omit the attributes from the result
> > set using this option.
> >   -g
> >   Omits paged searches.
> >   -m
> >   Omits attributes that only apply to Active Directory objects such as the
> > ObjectGUID, objectSID, pwdLastSet and samAccountType attributes.
> >   -n
> >   Omits export of binary values.
> >   -k
> >   Ignores errors during the import operation and continues processing. The
> > following is a complete list of ignored errors:
> >     a.. object is already a member of the group
> >     b.. object class violation (meaning the specified object class does not
> > exist), if the object being imported has no other attributes
> >     c.. object already exists
> >     d.. constraint violation
> >     e.. attribute or value already exists
> >     f.. no such object
> >   -a UserDistinguishedName Password
> >   Sets the command to run using the supplied UserDistinguishedName and
> > Password. By default, the command will run using the credentials of the user
> > currently logged on to the network.
> >   -b UserName Domain Password
> >   Sets the command to run using the supplied UserName Domain Password. By
> > default, the command will run using the credentials of the user currently
> > logged on to the network.
> >   -?
> >   Displays the command menu.
> > Remarks
> >   a.. When creating the import file to use with the Ldifde command, use a
> > changeType value to define the type of changes the import file will contain.
> > The following changeType values are available:
> >         Value   Description
> >         add     Specifies that new content is contained in the import file.
> >         modify  Specifies that existing content has been modified in the
> > import file.
> >         delete  Specifies that content has been deleted in the import file.
> >
> > The following is an example of an LDIF import file format using the add
> > value.
> >
> > DN: CN=SampleUser,DC=DomainName
> >
> > changetype: add
> >
> > CN: SampleUser
> >
> > description: DescriptionOfFile
> >
> > objectClass: User
> >
> > sAMAccountName: SampleUser
> >
> > Examples
> > To retrieve only the distinguished name, common name, first name, surname,
> > and telephone number of the returned objects, type:
> >
> > -l DistinguishedName, CN, GivenName, SN, Telephone
> >
> > To omit the object GUID, type:
> >
> > -o whenCreated, whenChanged, objectGUID
> >
> > Formatting legend
> >       Format Meaning
> >       Italic Information that the user must supply
> >       Bold Elements that the user must type exactly as shown
> >       Ellipsis (...) Parameter that can be repeated several times in a
> > command line
> >       Between brackets ([]) Optional items
> >       Between braces ({}); choices separated by pipe (|). Example:
> > {even|odd} Set of choices from which the user must choose only one
> >       Courier font Code or program output
> >
> >
> > -- 
> >
> > Paul Bergson  MCT, MCSE, MCSA, CNE, CNA, CCA
> >
> > This posting is provided "AS IS" with no warranties, and confers no rights.
> >
> >
> >
> > "Zman" <Zman@discussions.microsoft.com> wrote in message
> > news:1B2CD3AA-8A73-472A-B312-7E5472A64357@microsoft.com...
> > > Is there a utility/command that anyone knows of for getting a dump of all
> > > the user accounts and date created in a W2K domain?  We need this for
> > > auditing purposes.
> > >
> > > Thanks
> >
> >
> >
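Added example (not part of the original posts): a Python sketch that turns an ldifde export into the audit list the original question asks for, accounts with their creation date. It assumes an export made with the -f, -d, -r and -l options quoted above, limited to sAMAccountName and whenCreated; the sample records, the example.com domain and the function names are constructed for illustration.

```python
import base64
from datetime import datetime, timezone

# Constructed sample of ldifde export output (no real accounts). It covers a
# plain DN, a base64 DN ("dn::", used for non-ASCII names) and a folded line.
_B64_DN = base64.b64encode(
    "CN=J\u00fcrgen Test,OU=Staff,DC=example,DC=com".encode("utf-8")).decode("ascii")
SAMPLE_LDIF = (
    "dn: CN=Alice Example,OU=Staff,DC=example,DC=com\n"
    "changetype: add\nwhenCreated: 20030114093012.0Z\nsAMAccountName: aexample\n\n"
    f"dn:: {_B64_DN}\n"
    "changetype: add\nwhenCreated: 20041201161500.0Z\nsAMAccountName: jtest\n\n"
    "dn: CN=Backup Service,OU=Service Accounts,DC=example,\n DC=com\n"
    "changetype: add\nwhenCreated: 20041216080000.0Z\nsAMAccountName: svc_backup\n"
)

def unfold(text):
    """Join LDIF continuation lines: a line starting with one space continues the previous one."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def parse_entries(text):
    """Return one dict per LDIF record, mapping lower-cased attribute name to a list of values."""
    entries = []
    for block in "\n".join(unfold(text)).split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if not line or line.startswith("#"):
                continue
            name, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: <base64>" carries an encoded value
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            entry.setdefault(name.lower(), []).append(value.strip())
        if entry:
            entries.append(entry)
    return entries

def accounts_created_since(text, cutoff):
    """List (sAMAccountName, created, dn) for accounts created at or after cutoff (UTC), oldest first."""
    rows = []
    for e in parse_entries(text):
        if "samaccountname" not in e or "whencreated" not in e:
            continue
        # whenCreated is GeneralizedTime in UTC, e.g. 20041216080000.0Z
        created = datetime.strptime(e["whencreated"][0][:14], "%Y%m%d%H%M%S")
        created = created.replace(tzinfo=timezone.utc)
        if created >= cutoff:
            rows.append((e["samaccountname"][0], created, e["dn"][0]))
    return sorted(rows, key=lambda r: r[1])
```

Calling accounts_created_since on the text of the export file with an audit-period start date gives the accounts added since then; passing a very early cutoff lists every account.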

