Information that is similar to the following may be displayed while the import is in progress:
Logging in as current user using SSPI
Importing directory from file "import.ldf"
Add error on line 1: Unwilling To Perform
The server side error is "Access to the attribute is not permitted
because the attribute is owned by the Security Accounts Manager (SAM)."
0 entries modified successfully.
An error has occurred in the program
Data that cannot be written to Active Directory may exist when you try to import data that was originally exported by using the LDIFDE tool without a filter. An unfiltered LDIFDE export exports all data without identifying the fields that are protected and cannot be imported again.
This is an example filter that will export only required User Account data:
ldifde -f Exportuser.ldf -s <Server1> -d "dc=Export,dc=com" -p subtree
This is another example filter that will export all User Account data except for the attributes that cannot be imported:
ldifde -f Exportuser.ldf -s <Server1> -d "dc=Export,dc=com" -p subtree -r
"(&(objectCategory=person)(objectClass=User)(givenname=*))" -o "badPasswordTime,badPwdCount,lastLogoff,lastLogon,logonCount,
Required FieldsThe following fields must be entered for each user account that is imported.
dn: objectClass: sAMAccountName:
Example user account entry with all required fields
Optional fieldsThe following fields are optional and may be entered for each user account that is imported.
Example user account entry with all required and optional fields
displayName: Test User
User fields that cannot be importedThe following fields are protected system fields and cannot be modified through an LDIFDE import.:
Article ID: 276382 - Last Review: Apr 12, 2009 - Revision: 1