You Experience Problems Exporting Active Directory Objects When You Use LDIFDE in a Forest That Has Multiple Domains (825425)


The information in this article applies to:

  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server

SYMPTOMS

When you use the LDIFDE command-line tool to export objects from the Active Directory directory service in a forest that has multiple domains, the export may not succeed. If objects are exported, and you then import the exported objects into another domain's Active Directory, incomplete information from the export may appear in the receiving domain's Active Directory.

CAUSE

If you do not specify a server when you use LDIFDE to export objects that are in the domain-naming context, LDIFDE searches for a global catalog server. When LDIFDE searches for a global catalog server, it may not use the domain of the object name or the user account that you specify to determine what global catalog server to connect to. LDIFDE may connect to a global catalog server that is in the same site as the client, but that is a member of a different domain in the forest. This global catalog server may not have all the required Active Directory attributes for the objects that you want to export.

WORKAROUND

To work around this issue, use the -s server_name command-line option to specify a server when you use LDIFDE.

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.

MORE INFORMATION

The LDAP Data Interchange Format (LDIF) is an Internet standard for a file format that you can use to perform batch operations against directories that comply with Lightweight Directory Access Protocol (LDAP) standards. You can use LDIF to export and import data, because it enables you to use batch operations such as add, create, and modify to be performed against Active Directory.

For additional information about how to use the LDIFDE utility to import and export objects in Active Directory, click the following article number to view the article in the Microsoft Knowledge Base:

237677 Using LDIFDE to Import and Export Directory Objects to Active Directory

Modification Type:MajorLast Reviewed:11/4/2004
Keywords:kbBug kbfix kbWin2000preSP5fix KB825425 kbAudITPRO
©2004 Microsoft Corporation. All rights reserved.