Export Active Directory (ldifde) error

[wontolla]

Hi guys!!!

I have a problem. I'd like to move all the AD from one DC to another. To export, I try with in the old DC:

ldifde -f Exportuser.ldf

and the command is completed successfully

then, in the new DC, I execute:

ldifde -i -f Exportuser.ldf

and the answer is: Add error on line 1: "Access to the attribute is not permitted because the attribute is owned by the Security Accounts Manager (SAM)."
0 entries modified successfully.

what am I doing wrong????

I also try with this:

ldifde -f Exportuser.ldf -s server -d "dc=domain,dc=local" -p subtree -r "(&(objectCategory=person)(objectClass=User)(givenname=*))" -l "cn,givenName,objectclass,samAccountName"

and the command is completed successfully

and I try to import with:

ldifde -i -f Exportuser.ldf

and the answer is: Add error on line 1: Referral
The server side error is "A referral was returned from the server."

If you have done this before, please, tell me how!!!
Any sugestions will be apreciated.

(Sorry if my english is not very good)

 

[rfisch]

I have just started working with LDIFDE. I have found there is not much documentation available anywhere about it except for the generic examples on Microsoft's website.

That being said, I would recommend using the Active Directory Migration Tool (ADMT). I don't think it comes with W2K server, but it's a free download from Microsoft.

http://www.microsoft.com/windows2000/downloads/tools/admt/default.asp

It's fairly simple to use. (It has a GUI). Much easier for what you are trying to do.

 

[smiles8045]

I just resolved this problem myself, (after an 18hr day of trying). Make sure you do not have any SAM owned attributes in your import file. Do your export with the -m switch at the end to see which attributes you can modify. My problem ended up being the memberOf attribute. Hope it helps.