The LDIFDE Utility

The LDIFDE utility is a Microsoft-made command-line tool to perform bulk directory export-import operations. The executable file name is ldifde.exe. It may be found in the %WINDIR%\system32 location of a domain controller. It does not get installed by default on Widows 2000 Professional. Copying and using the ldifde.exe file works just fine.

Display command-line syntax help by typing either ldifde or ldifde -? at command prompt (see Figure below).

Help screen displayed by the LDIFDE utility.

To export all objects from an external LDAP server to a local file I used the following command:

ldifde -s tazdevil -f c:\tazdevil.ldf

LDIFDE utility performing an export operation.

As you can see, the effort was quite elaborate, resulting in 994 exported objects (most of them being schema objects). The format of the file is LDIF (the LDAP data intechange format) as defined by RFC 2849, which makes the utility interoperable with other similar utilities not necessarily written by Microsoft. In theory, it should be possible to export objects from any compatible LDAP server to an LDIF file, and then import them into another server if permissions allow. You can probably go accross different platforms here as well (exporting from Windows to Unix or vice versa) by using LDAP TCP connection or exporting to a file, moving it to another system, and then using a native import utility.

You can supply security credentials (user identification and password) to LDIFDE using -a or -b parameters. If they are omitted the utility uses the security context of the current user.