Windows Server 2008 : Working with Active Directory Accounts - Using ldifde to Export, Import, and Delete Accounts


The ldifde command works on files of line-delimited (line-separated) values. You can use it to import data into or export data out of Active Directory (AD). You execute these commands on a domain controller while logged on with an account that has administrative permissions.


The L in ldifde represents the Lightweight Directory Access Protocol, and dif represents data interchange format. The last two letters (de) represent directory exchange.

The following table shows some common switches used with ldifde.

| ldifde Switch | Comments |
|---|---|
| -i | Import mode. If not included, the default mode is export. |
| -k | Ignores errors. Enables the operation to continue even if there are errors. The lines with errors are not processed, but other lines are as long as they aren't dependent on the line that had an error. If omitted, the operation stops at the first error and none of the lines are processed. |
| -f filename | Filename. Identifies the name of the file to use for the import or export operation. |
| -b user domain password | Specifies the username, domain, and password of the account to run the operation. If not specified, the command runs under the context of the currently logged-on user. If the user has appropriate permissions, this switch is not needed. |
| -j path | Specifies the path for a log file. This is not the actual filename but instead just the path. The error log is named ldif.err and can be opened with Notepad. |
| -v | Enables verbose mode. This provides the most detailed output and is useful when troubleshooting problems with the command. |

Use the following command to export all the accounts from the domain into a file named ldexport.txt:

ldifde -f ldexport.txt

You can learn a lot about the different attributes used with ldifde by browsing through the ldexport.txt file created from this command.

When importing accounts, you need a file that includes the accounts in a line-delimited format. Each line identifies specific attributes of an account, and the formatting of this file is critical. The following table shows some of the elements you can add to the file.

| Input File Attributes | Comments |
|---|---|
| # comments | You can add comments with a hash mark. The ldifde command ignores comments. |
| dn: dn | The distinguished name (dn) attribute identifies the account name and location using a distinguished name. |
| changetype: {add \| modify \| delete} | This identifies whether you'll be adding, modifying, or deleting accounts. |
| objectclass: {user \| computer \| organizationalunit} | You can create users, computers, organizational units, and more by identifying them in the objectclass attribute. |
| samaccountname: name | The SAM account name shows the account in the legacy (pre-Windows 2000) name format. Figure 1 shows the SAM account name for a user in the text box to the right of the text box labeled PEARSON\. The SAM account name is sometimes listed as domain-name\account-name; however, you need only the account name for the ldifde file. |
| userprincipalname: upn | The user principal name (upn) looks like an email address. It's created by combining the user logon name with a suffix that identifies the domain. In Figure 1, the UPN is [email protected]. |
| displayname: name | This is the name listed in the General tab of the account properties in the Display Name text box. In Figure 1, it is Darril Gibson (with a space) in the Sales\East OU. This is not the name displayed in the Active Directory Users and Computers (ADUC) console. That name is derived from the common name (CN) attribute in the DN. |
| givenname: firstname | The first name is identified as given name. |
| sn: lastname | The last name is identified as sn. |
| useraccountcontrol: {512 \| 514} | You can specify that the account is enabled (512) or disabled (514) with the useraccountcontrol attribute. If you don't specify the password, or if the password doesn't meet the complexity requirements, the command will fail unless you use 514 to disable the user. |

Figure 1. User account in ADUC

As an example, you can use the following data in a file named ldou.txt:

#create an OU
dn: ou=test,dc=pearson,dc=pub
changetype: add
objectclass: organizationalunit

You can then use the following command to create the Organizational Unit (OU) in the domain:

ldifde -i -f ldou.txt -v -j c:\de

The command specifies that it is an import (-i), from the file named ldou.txt (-f ldou.txt), with verbose output (-v), and sends errors to a log file in the c:\de folder (-j c:\de).

You can delete the OU by using the following data in a file named lddel.txt. Notice that the only difference is that the changetype is delete instead of add, and you don’t need to specify the objectclass.

#delete an OU
dn: ou=test,dc=pearson,dc=pub
changetype: delete

The following command deletes the OU:

ldifde -i -f lddel.txt -v -j c:\de

As another example, you can use the following data in a file named lduser.txt to create a user:

#Create a user
dn: cn=Marina,ou=sales,dc=pearson,dc=pub
changetype: add
objectclass: user
samaccountname: Marina
userprincipalname: [email protected]
displayname: Marina Jonason
givenname: Marina
sn: Jonason
useraccountcontrol: 514

You can then execute the following command to add the user to the domain:

ldifde -i -f lduser.txt -v -j c:\de

The command specifies that it is an import, from the file named lduser.txt, with a verbose output, and logs errors to a file in the c:\de folder.

Figure 2 shows the account created in ADUC.

Figure 2. Marina user account created from ldifde
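
A pre-import check for the input files shown above, as an added Python example that is not part of the original article: it parses the records and flags the conditions the text warns about (a missing or invalid changetype, an add without objectclass, a domain prefix in samaccountname, an enabled account with no password), plus any delete record. The function names and the unicodePwd password attribute are assumptions; line folding and multi-valued attributes are not handled.

```python
# Added example (not from the article): lint an ldifde import file before "ldifde -i".
VALID_CHANGETYPES = {"add", "modify", "delete"}

def parse_records(text):
    """Blank lines separate records; '#' lines are comments; '-' ends a modify clause."""
    records, current = [], {}
    for raw in text.splitlines() + [""]:
        line = raw.strip()
        if not line:
            if current:
                records.append(current)
            current = {}
        elif not line.startswith("#") and line != "-":
            key, _, value = line.partition(":")
            current[key.strip().lower()] = value.strip()
    return records

def lint(text):
    """Return (record, severity, message) tuples. unicodePwd is assumed, not in the article."""
    findings = []
    for n, rec in enumerate(parse_records(text), 1):
        change = rec.get("changetype", "").lower()
        if "dn" not in rec:
            findings.append((n, "error", "record has no dn"))
        if change not in VALID_CHANGETYPES:
            findings.append((n, "error", f"changetype {change!r} is not add/modify/delete"))
        if change == "add" and "objectclass" not in rec:
            findings.append((n, "error", "add record has no objectclass"))
        if change == "delete":
            findings.append((n, "warn", f"destructive: deletes {rec.get('dn')}"))
        if "\\" in rec.get("samaccountname", ""):
            findings.append((n, "error", "samaccountname must be the account name only"))
        if (change == "add" and rec.get("objectclass", "").lower() == "user"
                and rec.get("useraccountcontrol") == "512" and "unicodepwd" not in rec):
            findings.append((n, "warn", "enabled (512) user with no password; use 514"))
    return findings

SAMPLE = """\
# constructed sample, modelled on the article's lduser.txt and lddel.txt
dn: cn=Marina,ou=sales,dc=pearson,dc=pub
changetype: add
objectclass: user
samaccountname: PEARSON\\Marina
useraccountcontrol: 512

dn: ou=test,dc=pearson,dc=pub
changetype: delete
"""
print(*lint(SAMPLE), sep="\n")
```

Error findings mark records the import would reject or mishandle; warn findings mark records that should be reviewed before the file is imported on the domain controller.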