Import or Export Directory Objects Using Ldifde

Applies To: Windows Server 2008

You can import data into an Active Directory Lightweight Directory Services (AD LDS) instance during setup of the instance, by using the Importing LDIF Files page in the Active Directory Lightweight Directory Services Setup Wizard. You can also import data manually at any time after the instance is created by using the ldifde command-line tool, which creates, modifies, and deletes directory objects. You can also use ldifde to extend the schema and to export user and group information to other applications or services. For example, you can use ldifde to export directory objects from another directory service and then use ldifde to import the directory objects into an AD LDS instance.

Membership in the AD LDS Administrators group, or equivalent, is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups (https://go.microsoft.com/fwlink/?LinkId=83477). By default, the security principal that you specify as the AD LDS administrator during AD LDS setup becomes a member of the Administrators group in the configuration partition.

To import or export directory objects using ldifde

  1. To open a command prompt, click Start, right-click Command Prompt, and then click Run as administrator.

  2. Do one of the following:

    • To import directory objects, at the command prompt, type the following command, and then press ENTER:

      ldifde -i -f <filename> -s <servername>:<port> -m -a <username> <domain> <password>
      
    • To export directory objects, at the command prompt, type the following command, and then press ENTER:

      ldifde -e -f <filename> -s <servername>:<port> -m -a <username> <domain> <password>
      
Parameter               Description

ldifde                  Specifies a utility program that supports batch operations that are based on the LDIF file standard.

-i                      Performs an import.

-e                      Performs an export.

-f                      Specifies the file to import or export.

<filename>              The name of the file to import or export.

-s                      Specifies the host name and port of the AD LDS instance or other directory service.

<servername>            The host name of the AD LDS instance or other directory service.

<port>                  The port for the AD LDS instance or other directory service.

-m                      Ignores (that is, does not import or export) attributes that are used only by Active Directory Domain Services (AD DS). You can use this parameter when you export directory objects from an existing AD DS forest and then import them into AD LDS.

-a                      Specifies account credentials. If they are not provided, ldifde uses the credentials of the currently logged on user.

<username>              The user name of the account to be used to bind to the specified directory service.

<domain>                The domain name of the account to be used to bind to the specified directory service.

<password>              The password of the account to be used to bind to the specified directory service.

-h                      Allows the import of passwords by using Simple Authentication and Security Layer (SASL) encryption.

-c <String1> <String2>  Replaces all occurrences of String1 with String2. With AD LDS, you can use the constants #schemaNamingContext and #configurationNamingContext in place of the distinguished names of the schema directory partition and configuration directory partition when you replace strings in .ldf files.
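Because an import can create, modify, and delete directory objects, and can carry passwords when -h is used, it helps to review an .ldf file before you run ldifde -i (or before you hand an export to another application). The following script is an added example, not part of the original procedure or of ldifde. It parses LDIF text, counts the operations the file requests, and lists the entries that carry password attributes. The attribute watch list and the sample file are assumptions constructed for illustration.

```python
import base64
import re
from collections import Counter

SENSITIVE = {"userpassword", "unicodepwd"}  # assumed watch list, not from the page

def parse_ldif(text):
    """Return LDIF records as lists of (attribute, value) pairs."""
    # Unfold: a line that starts with one space continues the previous line.
    text = text.replace("\r\n", "\n").replace("\n ", "")
    records = []
    for block in re.split(r"\n{2,}", text.strip()):
        record = []
        for line in block.split("\n"):
            if not line or line.startswith("#") or line == "-":
                continue                      # comment or modify separator
            attr, _, value = line.partition(":")
            if value.startswith(":"):         # "attr:: <base64 value>"
                value = base64.b64decode(value[1:]).decode("utf-8", "replace")
            record.append((attr.strip().lower(), value.strip()))
        records.append(record)
    return records

def review(text):
    """Count the operations an import would perform; list DNs carrying passwords."""
    ops, flagged = Counter(), []
    for rec in parse_ldif(text):
        fields = dict(rec)
        if "dn" in fields:                    # skips headers such as "version: 1"
            ops[fields.get("changetype", "add")] += 1  # no changetype: an add
            if SENSITIVE & set(fields):
                flagged.append(fields["dn"])
    return dict(ops), flagged

# Constructed sample file; every name and value is made up for illustration.
SAMPLE = """\
dn: CN=Alice,OU=People,O=Example
changetype: add
description: a value the exporter folded
  onto a second line
userPassword:: UGxhY2Vob2xkZXIx

dn: CN=Staff,OU=Groups,O=Example
changetype: modify
add: member
member: CN=Alice,OU=People,O=Example
-

dn: CN=Old,OU=People,O=Example
changetype: delete
"""
```

Calling review(SAMPLE) returns the per-operation counts and the distinguished names of the flagged entries, which you can compare against what you expect the import to change.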

To view the complete syntax for this command, at a command prompt, type the following command, and then press ENTER:

ldifde /?

For more information, see Ldifde.