
Archive for the ‘Active directory’ Category

Exporting and Importing Objects Using LDIF or CSV

Thursday, February 28th, 2008

The LDAP Data Interchange Format (LDIF) specification defined in RFC 2849 describes a well-defined file-based format for representing directory entries. The format is intended to be both human and machine parseable, which adds to its usefulness. LDIF is the de facto standard for importing and exporting a large number of objects.

(more…)

Deleting an Object

Thursday, February 28th, 2008

There is not much difference between deleting a leaf node and deleting a container that has child objects. However, there is a distinction in what is happening in the background.

(more…)

Renaming an Object

Thursday, February 28th, 2008

Before you rename an object, ensure that no applications reference it by name. You can make objects rename-safe by requiring that every application that stores a reference to an object use the object's GUID, not its name. The GUID (stored in the objectGUID attribute) is guaranteed to be unique and does not change when an object is renamed.

(more…)

Moving an Object to a Different Domain

Wednesday, February 27th, 2008

You can move objects between domains assuming you follow a few guidelines:

  • The user requesting the move must have permissions to modify objects in the parent container of both domains.
  • You need to explicitly specify the target DC (serverless binds usually do not work). This is necessary because the “Cross Domain Move” LDAP control is being used behind the scenes.
  • The move operation must be performed against the RID master for both domains. This is so that the move is a single master operation, which prevents conflicts (i.e., moving to two different domains from different DCs).
  • Both domains must be in native mode.
  • When you move a user object to a different domain, its objectSID is replaced with a new SID (based on the new domain), and the old SID is added to the sIDHistory attribute.
  • For group objects, you can move only universal groups. To move global or domain local groups, you must first convert them to universal.

(more…)

Moving an Object

Wednesday, February 27th, 2008

Using a graphical user interface

  1. Open ADSI Edit.
  2. If an entry for the naming context you want to browse is not already displayed, do the following:
       a. Right-click on ADSI Edit in the right pane and click Connect to….
       b. Fill in the information for the naming context, container, or OU where the object is currently. Click on the Advanced button if you need to enter alternate credentials.
  3. In the left pane, browse to the container or OU that contains the object you want to modify. Once you’ve found the object, right-click on it and select Move.
  4. Browse to the new parent of the object, select it and click OK.

(more…)