IT Blog

DevOps Technical Articles

Using LDIFDE to export/import Active Directory

Need to migrate an Active Directory from your current domain to a completely new domain? This can be a daunting task, but I will show how simple it can really be with a couple of simple tools.

We will be using LDIFDE, a command line utility that allows us to export AD objects and import them back in.

Firstly, let’s export our organisational units:

ldifde -f ExportOu.ldf -s server.srcdomain.local -d "ou=my company,dc=srcdomain,dc=local" -p subtree -r "(objectCategory=organizationalUnit)" -l "cn,objectclass,ou" -c "ou=my company,dc=srcdomain,dc=local" "ou=my company,dc=destdomain,dc=local"

Let’s examine the options in a little detail:

  • -f – The output filename, with a “.ldf” extension (it can be opened in a text editor, by the way)
  • -s – The source AD server to get the info from
  • -d – The root OU we will be exporting from
  • -p subtree – Traverse sub tree objects
  • -r – The LDAP filter; here we are choosing only OU objects
  • -l – Which attributes to extract from the OU objects
  • -c – Important: this is the “find and replace” applied to distinguished names, replacing every occurrence of the first string with the second so the records fit the destination domain (handy when the domain names differ; if identical domain names are running side by side it can be omitted).

The above options will be the basis for the rest of this article.

Now let’s import the OUs into the new domain:

ldifde -i -f ExportOu.ldf -k -s server.destdomain.local

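The main difference is the -i switch, which specifies that we are importing into the domain. The -k switch tells ldifde to carry on past errors such as “object already exists” instead of stopping.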

Now that we have the OUs, let’s export the users:

ldifde -f ExportUser.ldf -s server.srcdomain.local -d "ou=my company,dc=srcdomain,dc=local" -p subtree -r "(&(objectCategory=person)(objectClass=User)(givenname=*))" -l "cn,givenName,objectclass,samAccountName,memberof" -c "ou=my company,dc=srcdomain,dc=local" "ou=my company,dc=destdomain,dc=local"

Now let’s import our users to the new domain:

ldifde -i -f ExportUser.ldf -k -s server.destdomain.local

Now let’s do the groups:

ldifde -f ExportGroup.ldf -s server.srcdomain.local -d "ou=my company,dc=srcdomain,dc=local" -p subtree -r "(&(objectCategory=group)(objectClass=group))" -l "cn,givenName,objectclass,member,memberof,managedby" -c "ou=my company,dc=srcdomain,dc=local" "ou=my company,dc=destdomain,dc=local"

and the import…

ldifde -i -f ExportGroup.ldf -k -s server.destdomain.local
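
Because -c only replaces the exact string it is given, any member or managedBy value that points outside "ou=my company" still carries the source-domain DN, and -k lets the import skip past the resulting errors. The script below is an added example, not part of the original article: it parses an exported .ldf (line folding and base64 "::" values included) and lists every value still under the source domain. The sample data and the function names are constructed for illustration.

```python
import base64
import re

# Constructed sample shaped like ExportGroup.ldf after the -c rewrite.
# Two values point outside "ou=my company", so -c did not touch them.
_B64_DN = base64.b64encode(
    "CN=B\u00f6ss,CN=Users,DC=srcdomain,DC=local".encode("utf-8")).decode("ascii")
SAMPLE_LDF = (
    "dn: CN=Sales,OU=my company,DC=destdomain,DC=local\n"
    "changetype: add\n"
    "objectClass: group\n"
    "member: CN=Jane Doe,OU=my company,DC=destdomain,DC=local\n"
    "member: CN=Svc Backup,CN=Users,DC=srcdomain,\n"
    " DC=local\n"                      # folded continuation line
    f"managedBy:: {_B64_DN}\n"         # base64 because the DN is non-ASCII
    "\n"
    "dn: CN=Jane Doe,OU=my company,DC=destdomain,DC=local\n"
    "changetype: add\n"
    "objectClass: user\n"
)

def parse_ldif(text):
    """Yield (dn, [(attr, value), ...]) per record; unfolds lines, decodes '::'."""
    unfolded = re.sub(r"\r?\n ", "", text)
    for block in re.split(r"(?:\r?\n){2,}", unfolded.strip()):
        dn, attrs = None, []
        for line in block.splitlines():
            m = re.match(r"([A-Za-z0-9;.-]+)(::?) ?(.*)$", line)
            if not m:
                continue                # comments and "-" separator lines
            name, sep, value = m.groups()
            if sep == "::":
                value = base64.b64decode(value).decode("utf-8", "replace")
            if name.lower() == "dn":
                dn = value
            else:
                attrs.append((name, value))
        if dn is not None:
            yield dn, attrs

def _norm(dn):
    return re.sub(r"\s*,\s*", ",", dn.strip().lower())

def stale_references(text, src_suffix):
    """Return (record_dn, attr, value) for values still under src_suffix."""
    want = _norm(src_suffix)
    hits = []
    for dn, attrs in parse_ldif(text):
        for attr, value in [("dn", dn)] + attrs:
            v = _norm(value)
            if v == want or v.endswith("," + want):
                hits.append((dn, attr, value))
    return hits
```

Run stale_references() over the contents of each .ldf with "dc=srcdomain,dc=local" as the suffix before importing; an empty list means every DN was rewritten.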