The ldifde utility creates, modifies, and deletes directory objects. You can use ldifde to populate Active Directory Lightweight Directory Services (AD LDS) with data from other directory services. You can also use ldifde to extend the schema and export user and group information to other applications or services. For example, you can use ldifde to export directory objects from another directory service and then use ldifde to import the directory objects into an AD LDS instance.

Membership in the Administrators group of the AD LDS instance is the minimum required to complete this procedure. By default, the security principal that you specify as the AD LDS administrator during AD LDS setup becomes a member of the Administrators group in the configuration partition. For more information about AD LDS groups, see Understanding AD LDS Users and Groups.

To import or export directory objects using ldifde
  1. Open a command prompt.

  2. Do one of the following:

    • To import directory objects, at the command prompt, type the following command, and then press ENTER:

      ldifde -i -f filename -s servername:port -m -a username domain password

    • To export directory objects, at the command prompt, type the following command, and then press ENTER:

      ldifde -e -f filename -s servername:port -m -a username domain password

Parameter             Description

-i                    Performs an import.
-e                    Performs an export.
-f                    Specifies the file to import or export.
filename              The name of the file to import or export.
-s                    Specifies the host name and port of the AD LDS instance or other directory service.
servername            The host name of the AD LDS instance or other directory service.
port                  The port for the AD LDS instance or other directory service.
-m                    Ignores (that is, does not import or export) attributes that are used only by Active Directory Domain Services (AD DS). You can use this parameter when you export directory objects from an existing AD DS forest and import them into AD LDS.
-a                    Specifies account credentials. If they are not provided, ldifde uses the credentials of the currently logged on user.
username              The user name of the account to be used to bind to the specified directory service.
domain                The domain name of the account to be used to bind to the specified directory service.
password              The password of the account to be used to bind to the specified directory service.
-h                    Allows the importing of passwords using simple authentication and security layer (SASL) encryption.
-c String1 String2    Replaces all occurrences of String1 with String2. With AD LDS, you can use the constants #schemaNamingContext and #configurationNamingContext in place of the distinguished names of the schema directory partition and configuration directory partition when you replace strings in .ldf files.

To view the complete syntax for this command, at a command prompt, type the following command, and then press ENTER:

Ldifde /?
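
The export-then-import flow described above, as an added PowerShell example that is not part of the original page. It omits -a so that ldifde binds as the currently logged-on user and no password appears on the command line. All host names, ports, distinguished names and file paths are assumptions, and the `Invoke-Ldifde` helper is hypothetical.

```powershell
# Added example. Every host, port, DN and path below is an assumption.
$ErrorActionPreference = 'Stop'

$sourceServer = 'dc01.corp.example:389'   # assumed AD DS server (servername:port)
$targetServer = 'localhost:50000'         # assumed AD LDS instance
$sourceDn     = 'DC=corp,DC=example'      # assumed DN found in the exported file
$targetDn     = 'O=Example,C=US'          # assumed AD LDS application partition
$schemaLdf    = 'C:\ldif\schema-ext.ldf'  # assumed schema extension file
$dataLdf      = Join-Path $env:TEMP 'adds-export.ldf'

# Hypothetical helper: run ldifde and stop on a non-zero exit code.
function Invoke-Ldifde {
    param([Parameter(Mandatory)][string[]]$Arguments)
    & ldifde.exe @Arguments
    if ($LASTEXITCODE -ne 0) {
        throw "ldifde failed with exit code $LASTEXITCODE"
    }
}

try {
    # 1. Extend the AD LDS schema. The constant must be quoted: an unquoted
    #    token that starts with '#' is parsed by PowerShell as a comment and
    #    would silently drop the second -c argument.
    #    Assumes the .ldf file uses the placeholder DN shown here.
    Invoke-Ldifde @('-i', '-f', $schemaLdf, '-s', $targetServer,
                    '-c', 'CN=Schema,CN=Configuration,DC=X', '#schemaNamingContext')

    # 2. Export from AD DS. -m leaves out attributes used only by AD DS.
    #    No -a: the bind uses the currently logged-on user's credentials.
    Invoke-Ldifde @('-e', '-f', $dataLdf, '-s', $sourceServer, '-m')

    # 3. Import into AD LDS, rewriting the source DN to the target partition.
    Invoke-Ldifde @('-i', '-f', $dataLdf, '-s', $targetServer, '-m',
                    '-c', $sourceDn, $targetDn)
}
finally {
    # The export file holds user and group data; do not leave it in TEMP.
    if (Test-Path $dataLdf) { Remove-Item $dataLdf -Force }
}
```

The same quoting concern does not apply at a cmd.exe prompt, where `#` has no special meaning.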

Additional considerations

  • To open a command prompt, click Start, right-click Command Prompt, and then click Run as administrator.
