从Acitive+Directory里面导出用户数据

如何从AD中到处需要的数据？

其实ldifde是个很不错的工具，这个工具可以在AD上直接运行，也有很好的帮助。

LDIF Directory Exchange General Parameters ================== -i Turn on Import Mode (The default is Export) -f filename Input or Output filename -s servername The server to bind to (Default to DC of computer's domain) -c FromDN ToDN Replace occurences of FromDN to ToDN -v Turn on Verbose Mode -j path Log File Location -t port Port Number (default = 389) -u Use Unicode format -w timeout Terminate execution if the server takes longer than the specified number of seconds to respond to an operation (default = no timeout specified) -h Enable SASL layer encryption -? Help Export Specific =============== -d RootDN The root of the LDAP search (Default to Naming Context) -r Filter LDAP search filter (Default to "(objectClass=*)") -p SearchScope Search Scope (Base/OneLevel/Subtree) -l list List of attributes (comma separated) to look for in an LDAP search -o list List of attributes (comma separated) to omit from input. -g Disable Paged Search. -m Enable the SAM logic on export. -n Do not export binary values -x Include deleted objects (tombstones) Import ====== -k The import will go on ignoring 'Constraint Violation' and 'Object Already Exists' errors -y The import will use lazy commit for better performance (enabled by default) -e The import will not use lazy commit -q threads The import will use the specified number of threads (default is 1) Credentials Establishment ========================= Note that if no credentials is specified, LDIFDE will bind as the currently logged on user, using SSPI. -a UserDN [Password | *] Simple authentication -b UserName Domain [Password | *] SSPI bind method Example: Simple import of current domain ldifde -i -f INPUT.LDF Example: Simple export of current domain ldifde -f OUTPUT.LDF Example: Export of specific domain with credentials ldifde -m -f OUTPUT.LDF -b USERNAME DOMAINNAME * -s SERVERNAME -d "cn=users,DC=DOMAINNAME,DC=Microsoft,DC=Com" -r "(objectClass=user)"

下面是我写的两个例子，用来导出用户数据

ldifde -d "OU=cummins,DC=Elysium,DC=local" -f output.ldf -p subtree -r "(&(objectClass=top)(objectClass=person)(objectClass=organizationalPerson)(objectClass=user))" -j c:\ -c "OU=cummins,DC=Elysium,DC=local" "OU=people,DC=cummins,DC=local" -l dn,objectClass,cn,sn,givenName,displayName,sAMAccountName ldifde -d "OU=cummins,DC=Elysium,DC=local" -f ad.ldif -p subtree -j c:\ -c "OU=cummins,DC=Elysium,DC=local" "OU=people,DC=cummins,DC=local" -l dn,objectClass,cn,sn,givenName,displayName,sAMAccountName

导出的用户数据例子如下：

dn: OU=people,DC=cummins,DC=local changetype: add objectClass: top objectClass: organizationalUnit dn: CN=test test,OU=people,DC=cummins,DC=local changetype: add objectClass: top objectClass: person objectClass: organizationalPerson objectClass: user cn: test test sn: test givenName: test displayName: test test sAMAccountName: test1
这个数据导入到sunone directory等其他LDAP服务器的时候，需要注意

1. 将objectClass: user改成objectClass: inetorgperson
2. 将sAMAccountName改成uid

因为Sunone里面没有叫user的objectclass，也没有叫sAMAccountName的属性