Sometimes it may be necessary to export or import directory data in the unattended mode. For example, you may want to set up a daily backup of your directory data, or to make an LDIF import as a part of your custom deployment scenario. That is where laimex tool comes to help.
laimex is a command line tool supplied with LDAP Administrator to import or export directory data without having to run the LDAP Administrator GUI. All parameters are entered via the command line and the tool is run in the unattended mode.
Syntax:
laimex [@argfile] [/?|h|help] [/v|version] [/i] [/sql statement] [/sqlf filename] [/d LDIF|DSML1|DSML2|CSV|TXT|HTML|EXCEL] [/f filename] [/s host:port] [/ssl] [/cert name] [/user user] [/pwd password] [/mech SIMPLE|GSS-SPNEGO|DIGEST-MD5] [/r rootDN] [/t filter] [/p BASE|ONE|SUB] [/a attrlist] [/lbs NONE|WIN|UNIX|MAC] [/line length] [/page size] [/dmd] [/dh] [/di] [/xs] [/xc] [/ue] [/co] [/pu] [/cf fromDN] [/ct toDN] [/cd NONE|EXISTING|ALL] [/fs separator] [/vs separator] [/tq value] [/xr value] [/ea] [/dd] [/db] [/el SINGLE|MULTI] [/ec TEXT|GENERAL] [/eh] [/dnc column] [/nc column] [/pdn parentDN] [/occ column] [/soc objectClass] [/xa attrlist]
Parameters:/i
Specifies the document import mode. If not specified, the default mode is 'export'.
/sql statement
Specifies the SQL statement to perform update or export operation.
/sqlf filename
Specifies the name of an SQL file to perform update or export operation.
/s host:port
Specifies the host name and port of the target directory server. If not provided, the default value 'localhost:389' is used.
/d value
Specifies the type of an LDAP document to import from or export to. Possible values are:
LDIF
DSML1
DSML2
CSV
TXT
HTML
EXCEL
Learn more about these file formats.
/f filename
Specifies the name of an LDAP document file to import from or export to.
/s host:port
Specifies the host name and port of the target directory server. If not provided, the default value 'localhost:389' is used.
/ssl
Enables secure connection with the server (SSL).
/cert name
Specifies the client certificate name when using the secure connection (SSL).
/user user
Specifies the user name used for authentication to the directory server
/pwd password
Specifies the user's password to authenticate to the directory server.
/mech value
Specifies the negotiation mechanism to use while authenticating to the server. Possible values are:
SIMPLE
GSS-SPNEGO
DIGEST-MD5
EXTERNAL
If this parameter is omitted, the GSS-SPNEGO will be used by default.
/r rootDN
Specifies the entry DN to start the export from. If this parameter is omitted, the default value "" (RootDSE) will be used.
/t filter
Specifies the LDAP search filter. If this parameter is omitted, the default value is (objectClass=*).
/p value
Specifies the search scope to use when searching for directory entries. Available values are:
BASE
ONE
SUB
If this parameter is omitted, the BASE will be used by default.
/a attrlist
Specifies a comma-separated list of attributes to look for during an LDAP search.
/lbs value
Specifies the way line breaks will be inserted in the result document while exporting the directory data. Possible values are:
NONE
WIN
UNIX
MAC
If this parameter is omitted, WIN will be used by default.
/line length
Specifies the maximum number of characters in an attribute value per line. This option is applicable only to LDIF. If attribute value is longer then length it will be divided into several parts using line breaks. If length parameter is omitted, the 76 will be used by default. If length is set to 0 an attribute value will be stored in the result file without line breaks.
/page size
Turns on paging of results and specifies the page size. If this parameter is omitted, paging will be disabled.
/dh
Disables generating an extra header while saving results of a directory export operation. The extra header contains export date and time and information on where the data were exported from.
/di
Disables line indenting while generating results of a directory export operation. This option is applicable to DSML1, DSML2, and HTML. If this option is enabled, the resulting file is easier to read, while the deactivation of this option makes the file smaller in size.
/xs
(Active Directory specific). Forces the application to exclude SAM- specific attributes from search results. With this option enabled, you exclude attributes that could be imported since they are 'synthetic' and are not actually kept in the DIT.
/xc
Collective attributes are excluded from the search results. With this option enabled you can avoid problems connected with import of collective attributes.
/ue
Specifies that if an imported object already exists in Active Directory, it will be updated instead of throwing the 'Object already exists' error.
/co
Specifies that LDAP Administrator will always import parent objects before their child objects.
/pu
Commit DN syntax properties after all objects are imported.
/cf fromDN
Specifies the suffix of an entry DN to replace.
/ct toDN
Specifies the suffix an entry DN part will be replaced with.
/cd value
Specifies how the DN suffixes will be updated in all DN attribute values. The possible values are:
NONE
EXISTING
ALL
If this parameter is omitted, the NONE will be used by default.
/fs separator
Specifies the field separator used when importing/exporting TEXT and CVS documents. If this parameter is omitted, the default value ';' will be used.
/vs separator
Specifies the attribute value separator used when importing/exporting TEXT and CVS documents. If this parameter is omitted, the default value ',' will be used.
/tq value
Specifies the text qualifiers used when importing/exporting TEXT and CSV documents. The text qualifiers are used to identify the boundary of the text value. If a field separator character appears within this boundary, it won't be considered as a delimiter. If this parameter is omitted, the default value '"' will be used.
/xr value
Specifies the row, starting from which TEXT or CSV document will be imported. If this parameter is omitted, the import is started from the first row.
/ea
Encode attribute values to Base64 if they contain non 7-bit ASCII characters.
/dd
Specifying this option disables the transformation of values of LDAP attributes into human-readable format, so all attribute values are imported/exported as they are stored in the directory. For example, despite 'objectSid' is a binary attribute, LDAP Administrator displays it in the SDDL form that allows displaying a security descriptor as a text string. If this option is omitted, LDAP Administrator will transform values of some LDAP Attributes into human-readable format. This parameter is applicable to TEXT, CSV, HTML and Excel documents only.
NOTE: While exporting documents without this parameter specified, such documents might not be imported back into the directory since not all LDAP attributes can be transformed back from human-readable representation.
/db
Specifies that LDAP Administrator will export data in ASCII format instead of UTF-8. Suppresses the creation of the BOM in the exported file.
/dmd
Specifying this option disables the ManageDsaIT control on the server-side when searching for entries. Having this control off makes sure you won't have unexpected problems on servers which do not properly support this control.
/el value
Specifies the EXCEL document type layout. Possible values are:
SINGLE
MULTI
Please refer to the file format overview to learn more about further details and differences between file formats. If this parameter is omitted, the default value SINGLE will be used.
/ec value
Specifies cell format for the EXCEL document type. Possible values are:
TEXT
GENERAL
If this parameter is omitted, the default value TEXT will be used. With this parameter set to GENERAL, EXCEL will be able to auto-detect the cell format depending on the value of each particular cell.
/eh
Forces to freeze the header of the EXCEL document keeping it in view while scrolling through the document.
/dnc column
Specifies a column that contains object DNs. This parameter is applicable to CSV documents only.
/nc column
Specifies a column that contains object names. This parameter is applicable to CSV documents only.
/pdn parentDN
Specifies a parent DN for all objects that will be imported. This parameter is applicable to CSV documents only.
/occ column
Specifies a column that contains object classes. This parameter is applicable to CSV documents only.
/soc objectClass
Specifies an object class for all objects that will be imported. This parameter is applicable to CSV documents only.
/xa attrlist
Specifies a comma-separated list of attributes that won't be imported. This parameter is applicable to CSV documents only.
Examples:
Example 1: Exporting a single user to the LDIF format
laimex.exe /d LDIF /f c:\file.ldif /r "CN=John Doe,CN=Users,DC=example,DC=com"
Example 2: Exporting 'Users' subtree to the LDIF format
laimex.exe /d LDIF /f c:\file.ldif /p ONE /r CN=Users,DC=example,DC=com
Example 3: Importing data from a DSML file
laimex.exe /i /d DSML /f c:\file.xml
Example 4: Exporting 'Users' subtree using the specified credentials
laimex.exe /d CSV /f c:\file.csv /r CN=Users,DC=example,DC=com /user EXAMPLE\administrator /pwd secret /p SUB
Example 5: Exporting 'Users' subtree using the ARG file
laimex.exe @"C:\Examples\argfile.txt"
The ARG file contents:
/d LDIF /f c:\file.ldif /r CN=Users,DC=example,DC=com /p ONE
Example 6: Exporting only inetOrgPerson objects from the 'Users' subtree
laimex.exe /d LDIF /f c:\file.ldif /r CN=Users,DC=example,DC=com /p SUB /t (objectClass=inetOrgPerson)
Example 7: Importing data to the 'New Users' container, though it was exported from the 'Users' container
| To import data to the location that differs from their original location, you need to replace the suffix of DN of the objects being imported. |
laimex.exe /i /d LDIF /f C:\file.ldif /cf "CN=Users,DC=example,DC=com" /ct "CN=New Users,DC=example,DC=com"
Example 8: Exporting only the 'Display Name' and 'Telephone Number' properties of AD objects
laimex.exe /d TXT /f C:\file.txt /r CN=Users,DC=example,DC=com /p ONE /a displayName,telephoneNumber