HOW TO: Export the Configuration Container in ADAM & AD LDS Using LDIFDE

Hi, Russell here. I’m a member of the Microsoft Texas Directory Services Team. I specialize in all things LDAP, with particular focus on 3rd Party LDAP Client interop, ADAM & AD LDS, Directory Service Schemas, Indexing, and LDAP Query Performance Tuning.

We recently had a customer who had “inherited” an ADAM infrastructure. He called concerning replication failures between ADAM instances. Trouble was, he had no documentation explaining the configuration. Fortunately, AD LDS and ADAM have many tools to help you sort out the confusion after the fact. One of them is LDIFDE, the Microsoft tool that imports and exports directory data in the LDAP Data Interchange Format (LDIF), as specified in RFC 2849.

To assist the customer, we asked for an LDIFDE export of his ADAM Configuration Partition to view the ADAM NTDS Settings Objects and Site configurations.

Problem – The command line help leaves a bit to be desired. Export is the default mode of operation for LDIFDE, but we did not need a full output of all ADAM partitions (#1), and the macro expansion feature would not give us the desired results either (#2):

1. LDIFDE -m -f output.ldf

2. LDIFDE -f export.ldif -c "#configurationNamingContext" "cn=configuration,dc=x"

Complicating matters, if the machine is in a domain and ADAM is listening on any port other than 389, the export will come from the first DC to respond, not from ADAM. See the fine print at the end.

To obtain just the Configuration Container for analysis, we’ll need to supply LDIFDE more information:

  • -d Specifies the root container of our search and export.
  • -s Specifies the server we want to connect to. Localhost can be used if running locally on ADAM.
  • -t Specifies the ADAM port you want to connect to. (Use the dsdiag.exe “List Instances” sub-command to determine the port if not known.)
  • -f Specifies the file name where you want to write the output of the export.

Order is important. Use the -d switch first, then the server, port, and an output file name.


LDIFDE -d CN=Configuration,CN={43B6F689-F8B3-47B5-BB75-5B56BB5A55} -s localhost -t 50000 -f ServerConfig.ldif

NOTES – The CN=GUID value is from a sample machine. Each configuration container will have a unique GUID. Replica members will share this GUID. Possible errors you might encounter when the syntax is incorrect:

“The default naming context cannot be found. Using NULL as a search base.”
“No entries found.”

Fine Print on the above error – This is actually an issue with LDIFDE & ADAM interop, in that ADAM does not populate the defaultNamingContext in RootDSE by default. The error shows that you connected to ADAM RootDSE, but without a search base, nothing gets exported.
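Once the export succeeds, the file still has to be read for the NTDS Settings objects and sites. The following is an added example, not part of the original post: it parses LDIF text (folded lines and base64 "::" values included) and lists each nTDSDSA object under its site. The sample entries, host names and GUID placeholder are constructed, and reading the port from msDS-PortLDAP is an assumption about what the export contains.

```python
import base64
import re

# Constructed sample shaped like an LDIFDE export; host, site and GUID values are invented.
_CFG = "CN=Configuration,CN={GUID-PLACEHOLDER}"
_B64_DN = base64.b64encode(("CN=NTDS Settings,CN=HOST2$inst1,CN=Servers,CN=Branch,CN=Sites," + _CFG).encode()).decode()
SAMPLE = f"""dn: CN=Default-First-Site-Name,CN=Sites,{_CFG}
changetype: add
objectClass: site

dn: CN=NTDS Settings,CN=HOST1$inst1,CN=Servers,CN=Default-First-Site-Name,CN=Si
 tes,{_CFG}
changetype: add
objectClass: nTDSDSA
msDS-PortLDAP: 50000

dn:: {_B64_DN}
changetype: add
objectClass: nTDSDSA
msDS-PortLDAP: 50001
"""

def parse_ldif(text):
    """Yield one dict per entry: lowercased attribute name -> list of values."""
    text = re.sub(r"\r?\n ", "", text)  # unfold: newline + one space continues a line
    for block in re.split(r"(?:\r?\n){2,}", text.strip()):
        entry = {}
        for line in block.splitlines():
            name, _, value = line.partition(":")
            if line.startswith("#") or not value:
                continue
            if value.startswith(":"):  # "attr:: value" is base64-encoded
                value = base64.b64decode(value[1:]).decode("utf-8", "replace")
            entry.setdefault(name.lower(), []).append(value.strip())
        if "dn" in entry:
            yield entry

def replication_topology(text):
    """Map site name -> [(server object name, LDAP port)] from nTDSDSA entries."""
    topo = {}
    for e in parse_ldif(text):
        classes = {c.lower() for c in e.get("objectclass", [])}
        rdns = re.split(r"(?<!\\),", e["dn"][0])  # split DN on unescaped commas
        if "site" in classes:
            topo.setdefault(rdns[0][3:], [])
        elif "ntdsdsa" in classes and len(rdns) > 3:
            port = e.get("msds-portldap", ["unknown"])[0]
            topo.setdefault(rdns[3][3:], []).append((rdns[1][3:], port))
    return topo
```

To use it on a real export, read ServerConfig.ldif into a string and pass it to replication_topology. A site that comes back with an empty list has no NTDS Settings object in the export.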

Hasta luego,

-Russell “SpaniardR2” Despain