One of the trickier tasks for an Active Directory administrator is user management. Administrators are often asked to extract user information, export user data from one OU to another, or export user attributes from one Active Directory domain to another. The script below is targeted at extracting user information from an OU.
Export a single user's Active Directory attributes.
ldifde -f UserAttribute.ldf -s <Source DC FQDN> -d "CN=Standard Worker,OU=Research,DC=Innovative,DC=com" -p subtree -r "(&(objectCategory=person)(objectClass=User)(givenname=*))" -o "badPasswordTime,badPwdCount,lastLogoff,lastLogon,logonCount,memberOf,objectGUID,objectSid,primaryGroupID,pwdLastSet,sAMAccountType"
The above script dumps the Standard Worker attributes, minus those listed after -o (the omit list), to UserAttribute.ldf. Before importing the .ldf, administrators have to perform the following:
a) Remove the legacy domain DN and replace it with the target domain DN. In our example, DC=innovative,DC=com should be changed to DC=target,DC=com.
b) Remove the userAccountControl attribute from the export (UserAttribute.ldf).
c) Remove the lastLogonTimestamp attribute from the export (UserAttribute.ldf).
d) Modify the OU path (if required) to reflect the user's target OU.
Import the dump using:
ldifde -i -f <file path> -s <destination AD FQDN>
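Steps a) to d) can be scripted instead of edited by hand. The Python sketch below is an added example, not part of the original post: it unfolds wrapped LDIF lines, drops userAccountControl and lastLogonTimestamp, and rewrites DN fragments case-insensitively, including base64-encoded (`attr::`) text values. The function names, the sample entry and the Team Lead manager value are constructed for illustration.

```python
import base64
import re

DROP_ATTRS = {"useraccountcontrol", "lastlogontimestamp"}  # steps b and c
# Constructed sample export; the manager value is folded across two lines.
SAMPLE = """dn: CN=Standard Worker,OU=Research,DC=Innovative,DC=com
changetype: add
objectClass: user
userAccountControl: 512
lastLogonTimestamp: 133500000000000000
manager: CN=Team Lead,OU=Research,DC=innov
 ative,DC=com
"""

def unfold(text):
    """Join LDIF continuation lines (leading single space) to their parent."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def rewrite_value(value, replacements):
    """Apply each (old, new) DN fragment swap; DN matching ignores case."""
    for old, new in replacements:
        value = re.sub(re.escape(old), lambda _m, n=new: n, value, flags=re.I)
    return value

def prepare_ldif(text, replacements, drop_attrs=DROP_ATTRS):
    """Return LDIF text with dropped attributes removed and DNs rewritten."""
    out = []
    for line in unfold(text):
        m = re.match(r"([A-Za-z][\w;=.-]*)(::|:<|:)\s*(.*)$", line)
        if not m:  # blank separators, comments and "-" lines pass through
            out.append(line)
            continue
        name, sep, value = m.groups()
        if name.lower() in drop_attrs:
            continue
        if sep == "::":  # base64: rewrite only when it decodes as UTF-8 text
            try:
                decoded = base64.b64decode(value).decode("utf-8")
                value = base64.b64encode(rewrite_value(decoded, replacements).encode("utf-8")).decode("ascii")
            except ValueError:  # binary attribute, leave untouched
                pass
        else:
            value = rewrite_value(value, replacements)
        out.append(f"{name}{sep} {value}")
    return "\n".join(out) + "\n"
```

For step d), pass the full OU path pair first and the domain pair second, so the more specific fragment is replaced before the domain suffix changes underneath it.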