LDIFDE COMMANDS:
 
1. Command to export the user with a given name of SAM Account
 
ldifde -f exportuser.ldf -s computer_name -r (samaccountname=SAMLNAME)
 
2. Command to export Organizational Units:
 
Running this command exports all OUs except domain controllers into a file named ExportOU.ldf. 
ldifde -f exportOu.ldf -s Server1 -d "dc=Export,dc=com" -p subtree -r "(objectClass=organizationalUnit)" -l "cn,objectclass,ou"
 
3. Export the User Accounts from the Source Domain
 
ldifde -f Exportuser.ldf -s Server1 -d "dc=Export,dc=com" -p subtree -r "(&(objectCategory=person)(objectClass=User)(givenname=*))" -l "cn,givenName,objectclass,samAccountName"
Running this command exports all users in the Export domain into a file named Exportuser.ldf. If you do not have all the required attributes, the import operation does not work. The attributes objectclass and samAccountName are required, but more can be added as needed.
 
4. Command to Import users from a LDF file:
 
ldifde -i -f Exportuser.ldf -s Server2
 
5. Exporting User Account attributes except attributes those can’t be imported: (Using –o switch)
 
This is another example filter that will export all User Account data except for the attributes that cannot be imported:
 
ldifde -f Exportuser.ldf -s <Server1> -d "dc=Export,dc=com" -p subtree -r "(&(objectCategory=person)(objectClass=User)(givenname=*))" -o "badPasswordTime,badPwdCount,lastLogoff,lastLogon,logonCount, memberOf,objectGUID,objectSid,primaryGroupID,pwdLastSet,sAMAccountType"
 
            Another Example: To export for any given SamAccountName:
 
ldifde -f Exportuser.ldf -s <Server1> -d "dc=Export,dc=com" -p subtree -r "(&(objectCategory=person)(objectClass=User)(givenname=*))" -o "badPasswordTime,badPwdCount,lastLogoff,lastLogon,logonCount, memberOf,objectGUID,objectSid,primaryGroupID,pwdLastSet,sAMAccountType"
 
6. Exporting Objects from an Entire Forest (any given attribute will be exported with –i switch)
 
If you need to import everything from a forest you need to run LDIFDE command against Global Catalog server:

For example, to perform the export operation outlined against a GC, the LDIFDE command would be:
 
ldifde -f Exportuser.ldf -s Server1 -t 3268 -d "dc=Export,dc=com" -p subtree -r "(&(objectCategory=person)(objectClass=User)(givenname=*))" -l "cn,givenName,objectclass,sAMAccountName"
 
7. Simple Import of current domain: It will import only domain data NOT the Forest-Specific.
 
ldifde -i -f INPUT.LDF
 
8. Simple Export of current domain:   It will export only domain related data NOT the Forest-Specific.
 
ldifde -f OUTPUT.LDF 
 
9. Export of a domain with supplied credentials:
 
ldifde -m -f OUTPUT.LDF -b USERNAME DOMAINNAME -s SERVERNAME
           -d "cn=users,DC=DOMAINNAME,DC=Microsoft,DC=Com"
           -r "(objectClass=user)"
 
10. Exporting User or Person or Organizational Unit:
 
ldifde -v -s w2ks -d "dc=slowe,dc=com" -p subtree -r "(objectClass=clss_name)" -f users.txt
 
You'll notice a number of additional parameters here:
 
-v turns on verbose mode so that I could see the results
 
-d specifies the root of the search. While it was not required for this search, I included it to show you the format.
 
-p narrows the search to the subtree in question. The other options for the –p parameter are base and one level.
 
-r is used in the example with a parameter of “(objectClass=person)”. This parameter specifies the LDAP filter to use for LDIFDE. In my case, I wanted  only people, so I chose an objectClass of "person."
 
11. A Simple VBScript to change a user’s password: You can also modify strUser and strOU value:
 
strUser = InputBox("Enter full name of user")
strOU = InputBox("Enter OU where user's account resides")
Set objUser = GetObject("LDAP://CN=" & strUser & ",OU=" & strOU & ",DC=testdomain,DC=local")
objUser.SetPassword "password"
MsgBox "Done!"
 
12. To change a user’s password using LDIFDE tool:
 
The following sample Ldif file (chPwd.ldif) changes a password to newPassword:
dn: CN=TestUser,DC=testdomain,DC=com
changetype: modify
replace: unicodePwd
unicodePwd::IgBuAGUAdwBQAGEAcwBzAHcAbwByAGQAIgA=
-
 
ldifde -i -f chPwd.ldif -t 636 -s dcname -b username domain password
 
13. Import Example user account entry with all required and optional fields:
 
dn: CN=user1,CN=Users,DC=domain,DC=com
changetype: add
accountExpires: 0
codePage: 0
cn: zach
countryCode: 0
displayName: Test User
instanceType: 4
logonHours:: ////////////////////////////
distinguishedName: CN=user1,CN=Users,DC=domain,DC=com objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=domain,DC=com
objectClass: user           ------------ Required Attribute
name: User1
sAMAccountName: user1       ------------ Required Attribute
userAccountControl: 66048   ------------ This sets this account to be enabled
uSNChanged: 1556
uSNCreated: 1556
whenChanged: 20001012214849.0Z
whenCreated: 20001012214849.0Z
 
14. Sample Format for adding more than one user:
 
dn: CN=user1,CN=Users,DC=domain,DC=com
changetype: add
cn: user
objectClass: user           ------------ Required Attribute
sAMAccountName: user1       ------------ Required Attribute
userAccountControl: 66048   ------------ This sets this account to be enabled
 
dn: CN=user2,CN=Users,DC=domain,DC=com
changetype: add
cn: user2
objectClass: user           ------------ Required Attribute
sAMAccountName: user2       ------------ Required Attribute
userAccountControl: 66048   ------------ This sets this account to be enabled
 
      
15. Sample Import/Modify File Format:
 
dn: CN=Jane Doe,OU=Staff,DC=microsoft,DC=com
changetype: modify
replace: extensionAttribute1
extensionAttribute1: Staff
-
dn: CN=John Doe,OU=Staff,DC=microsoft,DC=com
changetype: modify
replace: extensionAttribute1
extensionAttribute1: Staff
-
And so on…..