Using DSDE to Export a Particular OU to XML

Posted on 2007-10-02
Last Modified: 2009-02-21
Hi all,

I would like to export an particular subTree of an Organisational Unit in an Active Directory domain to XML. I have installed DSFW on the server and can run the following command successfully:

C:\DSFW\Tools>dsde /mode export /baseDN DC=domain,dc=local /server http://servername.domain.local/dsml/adssoap.dsmlx /protocol DSML /output C:\TEMP\AD.xml /attributes name,sn,givenName,title,telephoneNumber,objectClass,uid /scope subTree

However, this exports everything in the domain.

The tree in AD is as follows that I want to export:

+ Active Directory Users and Groups
++ domain.local
+++ TREE1
++++ TREE2
+++++ TREE3

Where TREE3 contains a number of sub folders (organisational units) and TREE1, TREE2, and TREE3 are organisation units themselves.

I suspect the /baseDN line needs to be changed however, if I change it to /baseDN OU=TREE3,OU=TREE2,OU=TREE1,DC=domain,DC=local then "0 entries were exported successfully".

Also, what's the attribute for the e-mail address of the users? I would like this to be in the XML too.

Any help much appreciated.


Question by:webtechy
    LVL 19

    Expert Comment

    You're probably correct about the DN path needing some tweaking....for one, if any of the three trees have a space in their name enclose the whole thing in quotes:

    /baseDN "OU=Tree 3,OU=Tree 2,OU=Tree 1,DC=domain,DC=local"

    Also, make sure all three are indeed OUs and not containers. Say for instance your top level (Tree1) is the default Users folder it would be.....OU=Tree3,OU=Tree2,CN=Users,DC.......

    And the e-mail attribute is just 'mail'.
    LVL 2

    Author Comment

    Thanks Aissim. I did actually try that with no joy. The icon looks like OU groups/folders - are the icons fro containers the same as OU groups? (Not got access to the machine to tell at the moment).
    LVL 19

    Accepted Solution

    The containers are just blank folder icons, whereas the OUs have a little open book on the folder icon.

    You could try coming up a couple levels with your baseDN, say to Tree1, just to see if that is successful and the syntax is correct.

    /baseDN OU=Tree1,DC=domain,DC=local

    Featured Post

    Threat Intelligence Starter Resources

    Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

    Join & Write a Comment

    Suggested Solutions

    Installing a printer using group policy preferences is not that hard let’s take a look at it. First lets open up your group policy console and edit the policy you want to add it to. I recommend creating a new policy for each printer makes it a l…
    This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
    This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

    745 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    15 Experts available now in Live!

    Get 1:1 Help Now