johanvz1
asked on
Exporting all users in AD
Hi,
I am trying this command and when I run this:
ldifde -f C:\ldif\ExportUsers.ldf –s SERVERNAME -d "OU=YourOUname,dc=YourDoma
It tells me this:
ldifde -f C:\ldif\ExportUsers.ldf –s iserve.fs02.iserve.local -d "OU=User Accounts ,dc=iserve.local ,dc=com" -p subtree -r "(objectClass=User)" -l "cn,givenName,Title,SamAcc
it returns with error:
Invalid parameter bad argument -s.
Kind Regards,
Johan
I am trying this command and when I run this:
ldifde -f C:\ldif\ExportUsers.ldf –s SERVERNAME -d "OU=YourOUname,dc=YourDoma
It tells me this:
ldifde -f C:\ldif\ExportUsers.ldf –s iserve.fs02.iserve.local -d "OU=User Accounts ,dc=iserve.local ,dc=com" -p subtree -r "(objectClass=User)" -l "cn,givenName,Title,SamAcc
it returns with error:
Invalid parameter bad argument -s.
Kind Regards,
Johan
For starters:
Well silly question #1, have you got NTFS rightrs to create a file at the root of C:\ ?
Your "-d" entry is wrong, should be:
-d "OU=User Accounts,dc=iserve,iserve=
Steve
Well silly question #1, have you got NTFS rightrs to create a file at the root of C:\ ?
Your "-d" entry is wrong, should be:
-d "OU=User Accounts,dc=iserve,iserve=
Steve
or even
-d "OU=User Accounts,dc=iserve,dc=loca
-d "OU=User Accounts,dc=iserve,dc=loca
ASKER
Hi,
Yes I have rights to the root drive Im logged in directly on the server as Domain Administrator.
Why must you say dc=iserve,dc=local?
Is that too fool it with the FQDN?.
Rgds,
Johan
Yes I have rights to the root drive Im logged in directly on the server as Domain Administrator.
Why must you say dc=iserve,dc=local?
Is that too fool it with the FQDN?.
Rgds,
Johan
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I see now let me try it I was probably being dumb.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
C:\>ldifde -f C:\ldif\ExportUsers.ldf -s iserve.fs02 -d "OU=User Accounts ,dc=is
erve ,dc=local" -p subtree -r "(objectClass=User)" -l "cn,givenName,Title,SamAcc
ountName"
Invalid Parameter: Bad argument '-s'
still giving this error
ldifde -f C:\ldif\ExportUsers.ldf -d "OU=User Accounts ,dc=iserve ,dc=local" -p subtree -r "(objectClass=User)"
-l "cn,givenName,Title,SamAcc
Run this on the GC(Global Catalog) in your domain.
-l "cn,givenName,Title,SamAcc
Run this on the GC(Global Catalog) in your domain.
ASKER
What is the global catalog?. sorry for asking dumb question
If you have only one domain controller in your site, run this on that.
Global Catalog server is a domain controller which contains all the information about domain.
All I am saying is to run it without -s option.
Also, try one more thing.
Goto on command prompt on one of the domain controller.
Type:
hostname
This will give you some name, copy it and use it as it is with the -s option, instead of using "iserve.fs02".
Global Catalog server is a domain controller which contains all the information about domain.
All I am saying is to run it without -s option.
Also, try one more thing.
Goto on command prompt on one of the domain controller.
Type:
hostname
This will give you some name, copy it and use it as it is with the -s option, instead of using "iserve.fs02".
ASKER
what would the exact command be now?.
ldifde -f C:\ldif\ExportUsers.ldf -d "OU=User Accounts ,dc=iserve ,dc=local" -p subtree -r "(objectClass=User)"
-l "cn,givenName,Title,SamAcc
AND
ldifde -f C:\ldif\ExportUsers.ldf -s %COMPUTERNAME% -d "OU=User Accounts ,dc=iserve ,dc=local" -p subtree -r "(objectClass=User)"
-l "cn,givenName,Title,SamAcc
Use both. One should work.
Also, "OU=User Accounts" may not work as this is not an OU its a CN.
So, you should use "CN=User Accounts" instead.
-l "cn,givenName,Title,SamAcc
AND
ldifde -f C:\ldif\ExportUsers.ldf -s %COMPUTERNAME% -d "OU=User Accounts ,dc=iserve ,dc=local" -p subtree -r "(objectClass=User)"
-l "cn,givenName,Title,SamAcc
Use both. One should work.
Also, "OU=User Accounts" may not work as this is not an OU its a CN.
So, you should use "CN=User Accounts" instead.
ASKER
Hi,
Where would the actual export file be located?. And should I worried about the fact that it keeps asking me about -j log file ?.
Where would the actual export file be located?. And should I worried about the fact that it keeps asking me about -j log file ?.
File would be located at c:\LDIF Folder.
If this folder does not exist on drive C, the either change the -f option to c:\exportusers.ldf
or
Create a folder on drive c: named LDIF.
If this folder does not exist on drive C, the either change the -f option to c:\exportusers.ldf
or
Create a folder on drive c: named LDIF.
ASKER
When I run it as
ldifde -f C:\ldif\ExportUsers.ldf -d "CN=User Accounts ,dc=iserve ,dc=local" -p subtree -r "(objectClass=User)"
-l "cn,givenName,Title,SamAcc
It does this:
C:\>ldifde -f C:\ldif\ExportUsers.ldf -d "CN=User Accounts ,dc=iserve ,dc=local
" -p subtree -r "(objectClass=User)"
Connecting to "ise-fs02.iserve.local"
Logging in as current user using SSPI
Exporting directory to file C:\ldif\ExportUsers.ldf
Searching for entries...
Error opening output file.
The error code is 3
An error has occurred in the program
No log files were written. In order to generate a log file, please
specify the log file path via the -j option.
C:\>-l "cn,givenName,Title,SamAcc
'-l' is not recognized as an internal or external command,
operable program or batch file.
ldifde -f C:\ldif\ExportUsers.ldf -d "CN=User Accounts ,dc=iserve ,dc=local" -p subtree -r "(objectClass=User)"
-l "cn,givenName,Title,SamAcc
It does this:
C:\>ldifde -f C:\ldif\ExportUsers.ldf -d "CN=User Accounts ,dc=iserve ,dc=local
" -p subtree -r "(objectClass=User)"
Connecting to "ise-fs02.iserve.local"
Logging in as current user using SSPI
Exporting directory to file C:\ldif\ExportUsers.ldf
Searching for entries...
Error opening output file.
The error code is 3
An error has occurred in the program
No log files were written. In order to generate a log file, please
specify the log file path via the -j option.
C:\>-l "cn,givenName,Title,SamAcc
'-l' is not recognized as an internal or external command,
operable program or batch file.
csvde /? would be preferrable...
if you want to export all users to a file that can be imported to another test domain, you can do this...
csvde -f somefile.csv -m -r "(objectclass=user)"
this will export all users and computers...the -m strips the GUIDS so you can import it into an new domain...I would assume the same syntax would work for ldifde...both methods work, ldifde allows you to modify existing objects...csvde is simply export/import...no modify.
m
if you want to export all users to a file that can be imported to another test domain, you can do this...
csvde -f somefile.csv -m -r "(objectclass=user)"
this will export all users and computers...the -m strips the GUIDS so you can import it into an new domain...I would assume the same syntax would work for ldifde...both methods work, ldifde allows you to modify existing objects...csvde is simply export/import...no modify.
m
The error was due to folder does not exist in c:.
Create a folder in drive c:\ and name it LDIF.
This should do the trick.
Also,
>C:\>-l "cn,givenName,Title,SamAcc
>'-l' is not recognized as an internal or external command,
>operable program or batch file.
This is incorrect command.
Create a folder in drive c:\ and name it LDIF.
This should do the trick.
Also,
>C:\>-l "cn,givenName,Title,SamAcc
>'-l' is not recognized as an internal or external command,
>operable program or batch file.
This is incorrect command.
ASKER
Hi,
I have run this:
ldifde -f C:\ldif\ExportUsers.ldf -d "CN=User Accounts ,dc=iserve ,dc=local" -p subtree -r "(objectClass=User)"
It processess successfully now after I have created the folder c:\ldif\
But is says no entries found. And the ExportsUsers.ldf file is empty.
I have run this:
ldifde -f C:\ldif\ExportUsers.ldf -d "CN=User Accounts ,dc=iserve ,dc=local" -p subtree -r "(objectClass=User)"
It processess successfully now after I have created the folder c:\ldif\
But is says no entries found. And the ExportsUsers.ldf file is empty.
I would guess that the cn=user accounts should say users? unless you created an OU named user accounts. the default container created in AD is called users. if this is where they are located, try Users, or if it is an OU then do OU=User Accounts.
oh yeah...are using Small Business server? is it a nested ou? if so, then you have to type all the parent ou's. ie...ou=user accounts, ou=my company,dc=iserve,dc=local
again, the default "container" is Users...not user accounts...so CN=Users....not CN=User Accounts...
again, the default "container" is Users...not user accounts...so CN=Users....not CN=User Accounts...
ASKER
I have made that change to users but it seems to have extacrec 5 groups and not users. It also has a lot of information I dont need for example I only want username,logon name and if the account is active or disabled and what groups it has membership to. I have windows 2003 server standard edition.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
try simplifying your command as well...see if you can first get the users...without the other switches...and then add 1 switch at a time until you get the desired results...
ASKER
Hi,
I have just noticed that by default there exists a Users OU but the previous administrator has also created a OU within the root of the domain called User Accounts and within this OU he has made several containers with users in them. Now the 5 entries which has been written out by the previous export command are those within the oringinal OU eg Administrator and Guest.
I have tried running it with the name for the OU as User Accounts and UserAccounts individually. I am trying to get it all the users withi the containers within this created OU.
I am trying to play around with the syntax might it for some reason pick up the OU with a different text name than the Ou's display name?.
Rgds,
Johan
I have just noticed that by default there exists a Users OU but the previous administrator has also created a OU within the root of the domain called User Accounts and within this OU he has made several containers with users in them. Now the 5 entries which has been written out by the previous export command are those within the oringinal OU eg Administrator and Guest.
I have tried running it with the name for the OU as User Accounts and UserAccounts individually. I am trying to get it all the users withi the containers within this created OU.
I am trying to play around with the syntax might it for some reason pick up the OU with a different text name than the Ou's display name?.
Rgds,
Johan
ASKER
CSVDE -d "OU=User Accounts,DC=iserve,dc=loca
This has given me all the information I want can I tell from this if the account is disabled or not?. I want to see which counts are disabled or have expired pwd's?.
This has given me all the information I want can I tell from this if the account is disabled or not?. I want to see which counts are disabled or have expired pwd's?.
what would work better would be to run a vbscript against the domain for the users...otherwise...look at the user account control attribute and "I think" an account control of 512 is disabled. there is another attribute for expired passwords....but do not know it off the top of my head...hold on.
How to export only user created/disabled date with user name?
This might be too obvious, but the command in the original post was missing a dash before the s. It should be:
ldifde -f C:\ldif\ExportUsers.ldf -s SERVERNAME -d "OU=YourOUname,dc=YourDoma
ldifde -f C:\ldif\ExportUsers.ldf -s SERVERNAME -d "OU=YourOUname,dc=YourDoma
ASKER
Even in trying basic command eg:
ldifde -f output.ldf -j c:\log.txt
It returns with unable to open log file.
What format must log file be?.My first time using ldifde.
Rgds,
Johan