Re: Export/import AD
- From: Peter Kaufman <pmkdatabase_at_yahoo_dot_ca>
- Date: Sat, 20 Aug 2005 19:46:34 +0700
For the archives, I think this is wrong (I am sure you will correct me
if *I* am!).
>Anyway, for the user account objects try something like this:
>c:\>ldifde -i -f c:\users.ldf -s dc01.yourdomain.com -t 389 -d
-i switch would *import* data into the production AD, would it not?
Also, I think users is 805306368 not (sAMAccountType=805306369), which
seems to be computers.
Peter
On Fri, 19 Aug 2005 06:37:11 -0400, "Cary Shultz [A.D. MVP]"
<cwshultz@xxxxxxxx> wrote:
>Peter,
>
>I would do a search in this NG for postings from me about five to eight
>months ago. If you are using Outlook Express for your NG reader then this
>should be easy to do.
>
>Anyway, for the user account objects try something like this:
>
>c:\>ldifde -i -f c:\users.ldf -s dc01.yourdomain.com -t 389 -d
>"DC=yourdomain,DC=com" -r "(sAMAccountType=805306369)" -p subtree -l
>"cn,sAMAccountName,objectClass,userAccountControl,displayName,givenName,sn"
>
>For the group objects try something like this:
>
>c:\>ldifde -i -f c:\groups.ldf -s dc01.yourdomain.com -t 389 -d
>"DC=yourdomain,DC=com" -r objectClass=group)" -l "cn,groupType,member"
>
>Now, this is a very generic solution. Let's say, for example, that you keep
>all of your user account objects in an OU structure that looks like this:
>
>OU=Offices
>
> OU=Roanoke
> OU=Richmond
> OU=Blacksburg
> OU=Raleigh
>
>
>You search parameter for the user account objects could look like this: -d
>"OU=Offices,DC=yourdomain,DC=com" -p subtree. This might be a little bit
>better.
>
>NOTE: if you use the -m switch, then you can not use -r
>"(sAMAccountType=805306369)". You would have to go with the standard filter
>of -r "(&(objectCategory=person)(objectClass=user))".
>
>What does the -m switch do? It removed 'domain-specific information'. Now,
>what does that mean? Let's say that you have a mailbox size restriction.
>One that you have created with a policy on the Exchange Server. I forget
>the exact attributes but they are something like mbdefaultlimit,
>mboverdefaultlimit and mbhardoverdefaultlimit ( going from memory
>here.....something like this ). Each user account object that was subject
>to this policy would have those attributes and the corresponding value.
>Were you to use the -m switch then you would not see these attributes /
>values since they are specific to that domain!
>
>So, this is what you would run on your production environment. Then,
>recreate the environment on the test / lab server ( run dcpromo, et al ).
>Then, simply run c:\>ldifde -f c:\users.ldf ( assuming that this is where
>you have placed the .ldf file ). Next, run the c:\>ldifde -f c:\group.ldf
>file.
>
>Just make sure that your OU structure is the same in your test environment
>as in your producation environment. If it is not there will be a problem.
>
>Does that clear things up?
>
>Now, for a good into to ldifde and how to use it take a look at the
>following:
>
>http://support.microsoft.com/?id=237677
.
- Follow-Ups:
- Re: Export/import AD
- From: Cary Shultz [A.D. MVP]
- Re: Export/import AD
- References:
- Export/import AD
- From: Peter Kaufman
- Re: Export/import AD
- From: Cary Shultz [A.D. MVP]
- Re: Export/import AD
- From: Peter K
- Re: Export/import AD
- From: Cary Shultz [A.D. MVP]
- Export/import AD
- Prev by Date: Re: Workstation Logins
- Next by Date: Re: Changing from a "child like" parent domain to a proper top level domain
- Previous by thread: Re: Export/import AD
- Next by thread: Re: Export/import AD
- Index(es):
Relevant Pages
|
Loading
