Working with Active Directory in an Enterprise? You need to learn AD batch oriented tools. Ldifde.exe (LDAP Data Interchange Format Directory Synchronization Tool) is an LDAP commandline tool which you can use to query AD. Most importantly ldifde can be used to bulk creation, modifying, or deleting user accounts (and other objects).

Using the GUI tools is OK for problem-solving and twiddling here or there but there is no substitute for script capable commandline oriented tools. LDIFDE comes with Windows 2000 Server. It can be found in the %WINDIR%\system32 location of a domain controller. It does not get installed on Widows 2000 Professional. Copying and using the ldifde.exe to W2K Pro works just fine.

There is a gotcha! : if you use LDIFE to export Active Directory objects in a multiple domain forest, the export may fail. If the objects are exported, and imported into another domain's AD, the information may be incomplete. The cause it that when you export objects that are in the domain-naming contents, and you do NOT specify a server, LDIFDE searches for a global catalog server. If a global catalog server that is a member of a different domain is located, it may not have all the required Active Directory attributes for the objects that you want to export.

Workaround : use the -s <servername> parameter when you use LDIFDE in a multiple domain forest.

LDIFDE Related tips:

• Step-by-Step Guide to Bulk Import and Export to Active Directory
• Using LDIFDE to Import and Export Directory Objects to the Active Directory
• How to Set a User's Password with Ldifde
• How to Modify Schema Information Using the Ldifde Utility
• How to Import a Third-Party Certificate into the NTAuth Store
• How to Rename an Object After a Replication Collision Has Occurred
• Ldifde.exe Returns an Error Message with "<" Character During Import
• LDIFDE Does Not Import Users from Trusted Domains
• The Ldifde Tool Stops Importing .ldif Files If an Attribute Contains Blank Spaces