HOW TO: Export the Configuration Container in ADAM & AD LDS Using LDIFDE


Hi, Russell here. I’m a member of the Microsoft Texas Directory Services Team. I specialize in all things LDAP, with particular focus on 3rd Party LDAP Client interop, ADAM & AD LDS, Directory Service Schemas, Indexing, and LDAP Query Performance Tuning.

We recently had a customer who had "inherited" an ADAM infrastructure. He called concerning replication failures between ADAM instances. Trouble was, he had no documentation explaining the configuration. Fortunately, AD LDS and ADAM have many tools to help you sort out the confusion after the fact. One of them is LDIFDE, the Microsoft version of a tool that imports and exports data in the LDAP Data Interchange Format (LDIF), as specified in RFC 2849.

To assist the customer, we asked for an LDIFDE export of his ADAM Configuration Partition to view the ADAM NTDS Settings Objects and Site configurations.

Problem: the command-line help leaves a bit to be desired. Export is the default mode of operation for LDIFDE, but we did not need a full output of all ADAM partitions (command 1 below), and the macro expansion feature would not give us the desired results either (command 2):

1. LDIFDE -m -f output.ldf

2. LDIFDE -f export.ldif -c "#configurationNamingContext" "cn=configuration,dc=x"

Complicating matters, if the machine is in a domain and ADAM is listening on any port other than 389, the export will come from the first DC to respond, not from ADAM. See the fine print at the end.

To obtain just the Configuration Container for analysis, we'll need to supply LDIFDE more information:

  • -d Specifies the root container of our search and export
  • -s Specifies the server we want to connect to. Localhost can be used if running locally on ADAM
  • -t Specifies the ADAM port you want to connect to (use the dsdiag.exe “List Instances” sub-command to determine the port if not known)
  • -f Specifies the file name where you want to write the output of the export

Order is important. Use the -d switch first, then the server, port, and an output file name.

Example:

LDIFDE -d CN=Configuration,CN={43B6F689-F8B3-47B5-BB75-5B56BB5A55} -s localhost -t 50000 -f ServerConfig.ldif


NOTES – The CN=GUID is from a sample machine. Each configuration container will have a unique GUID. Replica members will share this GUID.

Possible errors you might encounter when the syntax is incorrect:

"The default naming context cannot be found. Using NULL as a search base."
"No entries found."

Fine Print on the above error - This is actually an issue with LDIFDE & ADAM interop, in that ADAM does not populate the defaultNamingContext in RootDSE by default. The error shows that you connected to ADAM RootDSE, but without a search base, nothing gets exported.

Hasta luego,

-Russell “SpaniardR2” Despain
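
Once the export exists, the site and NTDS Settings objects mentioned above can be pulled out of the LDIF file programmatically. The Python below is an added example, not part of the original post or of any Microsoft tool; the GUID placeholder, the instance names, the `parse_ldif` and `topology` helpers and the "no inbound connection object" check are assumptions made for illustration.

```python
import base64
from collections import defaultdict

# Constructed sample data: placeholder GUID and hypothetical instance names.
SITE = "CN=Default-First-Site-Name,CN=Sites,CN=Configuration,CN={GUID-PLACEHOLDER}"
NTDS = "CN=NTDS Settings,CN=%s,CN=Servers," + SITE
SRV1, SRV2 = NTDS % "SRV1$inst1", NTDS % "SRV2$inst1"
SAMPLE = "\n".join([
    "dn: " + SITE, "objectClass: top", "objectClass: site", "",
    "dn: " + SRV1, "objectClass: nTDSDSA", "",
    "dn: " + SRV2, "objectClass: nTDSDSA", "",
    "dn: CN=conn1," + SRV2, "objectClass: nTDSConnection",
    "fromServer: " + SRV1[:40], " " + SRV1[40:], "",    # value folded over two lines
])

def parse_ldif(text):
    """Return a list of entries, each a dict of lower-cased attribute -> values."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines and lines[-1]:
            lines[-1] += raw[1:]                  # RFC 2849 continuation line
        else:
            lines.append(raw)
    entries, entry = [], defaultdict(list)
    for line in lines + [""]:                     # trailing "" flushes the last entry
        if not line.strip():
            if "dn" in entry:
                entries.append(dict(entry))
            entry = defaultdict(list)
        elif not line.startswith("#"):
            name, _, value = line.partition(":")
            if value.startswith(":"):             # "attr:: <base64>"
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            entry[name.lower()].append(value.strip())
    return entries

def topology(entries):
    """Summarise the export and flag instances that nothing replicates into."""
    def of(cls):
        return [e for e in entries if cls in map(str.lower, e.get("objectclass", []))]
    instances = [e["dn"][0] for e in of("ntdsdsa")]
    # A connection object is a child of the destination's NTDS Settings object.
    conns = [(e["dn"][0], e.get("fromserver", [""])[0]) for e in of("ntdsconnection")]
    no_inbound = [i for i in instances
                  if not any(dn.lower().endswith("," + i.lower()) for dn, _ in conns)]
    return {"sites": [e["dn"][0] for e in of("site")], "instances": instances,
            "connections": conns, "no_inbound": no_inbound}
```

To use it on a real export, read ServerConfig.ldif into a string and pass that to `parse_ldif` in place of `SAMPLE`.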

  • THE FOLLOWING COMMAND DOES NOT RETURN ANY ENTRIES, but using ADAM ADSI Edit, I can see that it has values and data in the location requested. If I run the similar command on the domain controller it returns entries.

    I'm wrapped around the axle on this!!!

    *******

    ldifde -d  "CN=SenderFilterConfig,CN=Message Hygiene,CN=Transport Settings,CN=Organization Name,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=domain,DC=com" -s edgeServer.domain.com -t 50389 -f senderfilter.ldf -m -l msExchMessageHygieneBlockedDomainAndSubdomains -r "(objectClass=msExchMessageHygieneSenderFilterConfig)"

    RESULT:

    Connecting to "edgeServer.domain.com"

    Logging in as current user using SSPI

    Exporting directory to file senderfilter.ldf

    Searching for entries...

    Writing out entriesldap://daram.com/CN=SenderFilterConfig,CN=Message%20Hygiene,CN=Transport%20Settings,CN=Organization%20Name,CN=Microsoft%20Exchange,CN=Services,CN=Configuration,DC=domain,DC=com

    No Entries found

    The command has completed successfully

    Any Ideas?

    -Barry Adkins

  • Try using the configuration container's GUID instead of the DC=domain,DC=com distinguished name.