Migrate schema of the Active Directory

最新推荐文章于 2023-02-03 16:26:35 发布

bhbhjackyin

最新推荐文章于 2023-02-03 16:26:35 发布

阅读量816

点赞数

分类专栏： LDAP 文章标签： schema file domain import download command

本文链接：https://blog.csdn.net/bhbhjackyin/article/details/5855035

版权

LDAP 专栏收录该内容

2 篇文章 0 订阅

订阅专栏

We assume that we need to import the client ad schema into our local active directory.We can use the LDIFDE command-line utility to import directory objects into Active Directory using LDAP Data Interchange Format (LDIF) files.

1). Create a backup of the schema master domain controller’s system state using the NTBACKUP utility.
2). ldifde -i -u -f addiff.ldf -j . -c "dc=x" "dc=local"

addiff.ldf file like following:

# ================================================================== # # This file should be imported with the following command: # ldifde -i -u -f addiff.ldf -s server:port -b username domain password -j . -c "cn=Configuration,dc=X" #configurationNamingContext # LDIFDE.EXE from AD/AM V1.0 or above must be used. # This LDIF file should be imported into AD or AD/AM. It may not work for other directories. # # ================================================================== # ================================================================== # Attributes # ================================================================== # Attribute: activationSchedule dn: cn=ms-Exch-Activation-Schedule,cn=Schema,cn=Configuration,dc=X changetype: ntdsschemaadd objectClass: attributeSchema attributeId: 1.2.840.113556.1.2.213 ldapDisplayName: activationSchedule attributeSyntax: 2.5.5.10 adminDescription: ms-Exch-Activation-Schedule adminDisplayName: ms-Exch-Activation-Schedule oMSyntax: 4 isSingleValued: TRUE systemOnly: FALSE rangeLower: 84 rangeUpper: 84

How to get the file addiff.ldf
w e assume that ad_schema.ldif is the target ad schema, ad_local.ldif is the local ad schema.
1). Export the ad_schema.ldif from the target active directory
ldifde -f c:/ad_schema.ldif -d “cn=schema, cn=configuration,dc=xxx”
2). Export the ad_local.ldif from the local active directory
ldifde –f c:/ad_local.ldif –d “cn=schema,cn=configuration,dc=local”
3). Runing AdSchemaAnalyzer.exe
4). Load target and local ldif flat file
5). Create addiff.ldf file

Notice
1). ad_schema.ldif file need to be process after exported from the target active directory, if not it’s maybe couldn’t loaded into adschemaanalyzer tool, we can use java or Perl, and other tools to do this procedure. For exmple: remove the line like “objectGUID:: Woiqp0gigkCDsZdVIqDq/w==”, “schemaIDGUID:: IIBFUmrK0BGv/wAA+ANnwQ==” and so on.

2). addiff.ldf file maybe need to be process if an error has occurred in the program, the same as 1).

We can get the AdSchemaAnalyzer.exe from ADAM dirctory or download in the internet.