LDIFDE Export User from OU Location


One of the trickier parts of an Active Directory administrator's job is user management. Administrators are often asked to extract user information, move user data from one OU to another, or export user attributes from one Active Directory domain to another. The script below extracts user information from an OU.

Export a Single User's Active Directory Attributes

ldifde -f UserAttribute.ldf -s <Source DC FQDN> -d "CN=Standard Worker,OU=Research,DC=Innovative,DC=com" -p subtree -r "(&(objectCategory=person)(objectClass=User)(givenname=*))" -o "badPasswordTime,badPwdCount,lastLogoff,lastLogon,logonCount,memberOf,objectGUID,objectSid,primaryGroupID,pwdLastSet,sAMAccountType"

The above command dumps the attributes of the user Standard Worker to UserAttribute.ldf; the attributes listed after -o are omitted from the export. Before exporting the .ldf to the target domain, administrators have to perform the following:

a) Remove the legacy domain DN and replace it with the target domain DN. In our example, DC=Innovative,DC=com should be changed to DC=target,DC=com.

b) Remove the userAccountControl attribute from the export (UserAttribute.ldf).

c) Remove the lastLogonTimestamp attribute from the export (UserAttribute.ldf).

d) Modify the OU path (if required) to reflect the user's target OU.

Import the dump using

ldifde -i -f <file path> -s <destination AD FQDN>
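
The clean-up in steps a) to d) can be scripted instead of edited by hand. The PowerShell function below is an added example, not part of the original post or of ldifde; the function name, its parameters and the output file name are hypothetical, and it assumes the export is a plain-text LDIF file that Get-Content can read.

```powershell
# Added example: prepare an ldifde export for import into another domain.
# Function and parameter names are hypothetical, not part of ldifde.
function Convert-LdifForTarget {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $OutPath,
        [Parameter(Mandatory)] [string] $SourceDomainDN,  # e.g. DC=Innovative,DC=com
        [Parameter(Mandatory)] [string] $TargetDomainDN,  # e.g. DC=target,DC=com
        [string] $SourceOU,                               # optional, step d
        [string] $TargetOU,
        [string[]] $DropAttributes = @('userAccountControl', 'lastLogonTimestamp')
    )

    # Unfold LDIF continuation lines (a leading space continues the previous
    # line) so that a dropped attribute takes its wrapped value with it.
    $logical = [System.Collections.Generic.List[string]]::new()
    foreach ($line in Get-Content -LiteralPath $Path) {
        if ($line.StartsWith(' ') -and $logical.Count -gt 0) {
            $logical[$logical.Count - 1] += $line.Substring(1)
        } else {
            $logical.Add($line)
        }
    }

    $result = foreach ($line in $logical) {
        $name = ($line -split ':', 2)[0]                  # attribute name
        if ($DropAttributes -contains $name) { continue } # steps b and c
        if ($line -match '^[^:]+:: ') {
            # Base64 value ("attr:: ..."): not rewritten as text.
            if ($name -eq 'dn') { Write-Warning 'Base64-encoded DN left unchanged; review it by hand.' }
            $line
            continue
        }
        if ($SourceOU -and $TargetOU) {                   # step d
            $line = $line -replace [regex]::Escape($SourceOU), $TargetOU
        }
        # Step a; -replace is case-insensitive, as DN comparison is.
        $line -replace [regex]::Escape($SourceDomainDN), $TargetDomainDN
    }
    Set-Content -LiteralPath $OutPath -Value $result
}

# Convert-LdifForTarget -Path .\UserAttribute.ldf -OutPath .\UserAttribute.target.ldf `
#     -SourceDomainDN 'DC=Innovative,DC=com' -TargetDomainDN 'DC=target,DC=com'
```

Compare the output file with the original export before running the import, so that every rewritten DN and dropped attribute is one you intended.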

