cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
HOW TO: Export the Configuration Container in ADAM & AD LDS Using LDIFDE
By
Ned Pyle
Published Apr 04 2019 01:51 PM 3,769 Views
Ned Pyle
Microsoft
‎Apr 04 2019 01:51 PM

HOW TO: Export the Configuration Container in ADAM & AD LDS Using LDIFDE

‎Apr 04 2019 01:51 PM
First published on TechNet on Feb 09, 2009
Hi, Russell here. I’m a member of the Microsoft Texas Directory Services Team. I specialize in all things LDAP, with particular focus on 3 rd Party LDAP Client interop, ADAM & AD LDS, Directory Service Schemas, Indexing, and LDAP Query Performance Tuning.

We recently had a customer who had "inherited" an ADAM infrastructure. He called concerning replication failures between ADAM instances. Trouble was, he had no documentation explaining the configuration. Fortunately, AD LDS and ADAM have many tools to help you sort out the confusion after the fact. One of them is LDIFDE, which is the MS version of a tool that imports and exports in the LDAP Data Interchange Format (LDIF) RFC2849 Spec .

To assist the customer, we asked for an LDIFDE export of his ADAM Configuration Partition to view the ADAM NTDS Settings Objects and Site configurations.

Problem - The command line help leaves a bit to be desired. While export mode of operation is the default for ldifde, we did not require a full output of all ADAM Partitions, #1; nor would the macro expansion feature give us the desired results, #2:

1. LDIFDE -m -f output.ldf

2. LDIFDE -f export.ldif -c "#configurationNamingContext" "cn=configuration,dc=x"

Complicating matters, if the machine is in a domain, the export will occur from the first DC to respond, not ADAM if ADAM is listening on any port other than 389. See the fine print at the end.

To obtain just the Configuration Container for analysis, we'll need to supply LDIFDE more information:

  • -d Specifies the Root Container of our search & export
  • -s Specifies the Server we want to connect to. Localhost can be used if running locally on ADAM
  • -t Specifies the ADAM port you want to connect to (Use dsdiag.exe “List Instances” sub-command to determine the port if not known)
  • -f Specifies the file name where you want to write the output of the export


Order is important. Use the -d switch first, then the server, port, and an output file name.

Example:

LDIFDE -d CN=Configuration,CN={43B6F689-F8B3-47B5-BB75-5B56BB5A55} –s  localhost -t 50000 -f ServerConfig.ldif

NOTES – CN=GUID is from a sample machine. Each configuration container will have a unique GUID. Replica members will share this GUID. Possible errors you might encounter when syntax is incorrect:

"The default naming context cannot be found. Using NULL as a search base."
"No entries found."

Fine Print on the above error - This is actually an issue with LDIFDE & ADAM interop, in that ADAM does not populate the defaultNamingContext in RootDSE by default. The error shows that you connected to ADAM RootDSE, but without a search base, nothing gets exported.

Hasta luego,

-Russell “SpaniardR2” Despain

0 Likes
Like
Version history
Last update:
‎Apr 04 2019 01:51 PM
Updated by:
Labels