Export users from a 2003 AD and import into 2008 AD using LDIFDE

I’ve just had to create a copy of a set of user accounts in our labs environment, taken from our development domain. The development domain contained all the user accounts we wanted in a specific OU (and its sub-OUs), but it had a whole bunch of schema extensions applied to the User attribute class that we didn’t have in our labs domain. For example, Exchange and Office Communications Server had updated the schema for the User class, so copying those attributes across would throw an error on the import.
Figuring out what constitutes a ‘clean’ User attribute class required reference to the Microsoft documentation. Unfortunately you have to drill into every attribute’s page in order to determine what the LDAP name for the attribute is. Someone else has recognised this problem and produced a handy cross reference here.
The alternative approach would have been to include whatever the tech docs said was in the User attribute class by default. The final script I wound up with instead excludes all the attributes in our source not present in the destination, using the -o (omit) list on the export; the second command is the import:
ldifde -s dc01.sourcedomain.net -b SERVICEACCOUNTUSER sourcedomain.net SERVICEACCOUNTPASS -m -f Exportuser.ldf -o autoReplyMessage,deletedItemFlags,deliverAndRedirect,dSCorePropagationData,extensionAttribute1,extensionAttribute2,extensionAttribute3,extensionAttribute4,extensionAttribute5,extensionAttribute6,extensionAttribute7,extensionAttribute8,extensionAttribute9,extensionAttribute10,extensionAttribute11,extensionAttribute12,extensionAttribute13,extensionAttribute14,extensionAttribute15,instanceType,mailNickname,mAPIRecipient,mDBUseDefaults,msExchALObjectVersion,msExchHideFromAddressLists,msExchHomeServerName,msExchMailboxGuid,msExchMailboxSecurityDescriptor,msExchMasterAccountSid,msExchPoliciesIncluded,msExchRequireAuthToSendTo,msExchUserAccountControl,msRTCSIP-ArchivingEnabled,msRTCSIP-InternetAccessEnabled,msRTCSIP-OptionFlags,msRTCSIP-UserEnabled,msRTCSIP-PrimaryUserAddress,msRTCSIP-UserPolicy,objectCategory,replicationSensitivity,sIDHistory,securityProtocol,protocolSettings,mDBOverHardQuotaLimit,mDBOverQuotaLimit,mDBStorageQuota,homeMDB,msExchPoliciesExcluded,msExchRecipLimit,lockoutTime,submissionContLength,publicDelegates,authOrig,msRTCSIP-PrimaryHomeServer,unauthOrig,homeMTA -d "OU=Accounts,OU=End User,DC=sourcedomain,DC=net" -c "DC=sourcedomain,DC=net" "DC=istm,DC=labs,DC=internal" -p subtree -r "(&(objectClass=User))"
ldifde -i -k -f Exportuser.ldf -j "C:\Users\logfilelocation"
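
One way to build the -o list rather than assembling it by hand, as an added example that is not part of the original post: scan an export for the attribute names it actually uses and subtract the names the destination schema defines. The sample LDIF, the user in it and the DESTINATION_ATTRS list are constructed, and the destination list is assumed to have been dumped separately from the labs schema.

```python
import re

# Constructed sample of an ldifde export from the source domain (not real data).
SAMPLE_LDIF = """\
dn: CN=Jane Doe,OU=Accounts,OU=End User,DC=sourcedomain,DC=net
changetype: add
objectClass: user
cn: Jane Doe
sAMAccountName: jdoe
description:: SmFuZSBEb2U=
mailNickname: jdoe
msExchHomeServerName: /o=Example/ou=First Administrative Group/cn=Configuratio
 n/cn=Servers/cn=EXCH01
msRTCSIP-UserEnabled: TRUE
"""

# Assumption: lDAPDisplayName values from the destination schema (constructed subset).
DESTINATION_ATTRS = ["objectClass", "cn", "sAMAccountName", "description", "displayName"]

# Attribute name, optional ";option", then the colon that starts the value.
ATTR_LINE = re.compile(r"^([A-Za-z][A-Za-z0-9-]*)(?:;[^:]*)?:")
NOT_ATTRIBUTES = {"dn", "changetype", "version"}  # LDIF record keywords

def unfold(text):
    """Join LDIF continuation lines: a leading space continues the previous line."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def attributes_in_export(text):
    """Map lower-cased attribute name -> first spelling seen in the export."""
    found = {}
    for line in unfold(text):
        match = ATTR_LINE.match(line)  # comment lines ("#") never match
        if match and match.group(1).lower() not in NOT_ATTRIBUTES:
            found.setdefault(match.group(1).lower(), match.group(1))
    return found

def omit_list(export_text, destination_attrs):
    """Attributes used in the export that the destination schema does not define."""
    known = {a.lower() for a in destination_attrs}  # LDAP names are case-insensitive
    used = attributes_in_export(export_text)
    return sorted((n for k, n in used.items() if k not in known), key=str.lower)

if __name__ == "__main__":
    print("-o " + ",".join(omit_list(SAMPLE_LDIF, DESTINATION_ATTRS)))
```

This diff only finds attributes missing from the destination schema. Attributes that exist in both schemas but appear in the -o list above anyway (instanceType and objectCategory, for example) still have to be added by hand.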

About Matt Sinfield

Work in the IT industry but have a couple of hobbies, Snowboard, Kitesurf and of course XBox