LDIFDE – Switches

Introduction to LDIFDE 2003/8 Switches

Microsoft has made subtle changes to Windows Server 2003 in general and LDIFDE in particular.  The latest version of LDIFDE is 5.0.2195.4866, whereas the original Windows 2003 version was 5.0.2156.1.  Incidentally, under the covers Windows 2003 itself is version 5.0 and Server 2003 is 5.5.  Enough of this detail, on to the new switches.



New Switches for LDIFDE

The new switches are a mixed bag, some are very useful others have specialist, even obscure roles.  I have made my recommendations, but it is a case of selecting the right switch for the right job.

-q thread count

By using this switch you can speed up import.  The -q turns LDIFDE into a multi threaded program.

-w Timeout (seconds)

If your import hangs, you could terminate it with CTRL + C then next time use the -w timeout switch and set it to 20 or however many seconds you think appropriate.

-e Prevents lazy commit

I have to say that using the -e switch when importing could cause confusion, but I suppose Microsoft were running out of letters for switches.  What this does is forces an instant save of the imported users rather than using a memory buffer.  Guy says you probably do not need this switch.

-y Forces lazy commit

This is the default and the opposite of -e above.  I would stick with the default -y because it speeds up importing.

-h Enables SASL encryption

Another switch I would avoid, unless you are paranoid about security.


Useful LDIFDE Switches for both 2003 and 2000

-a Permissions
-b Permissions
-j Logging
-k Skip errors
-p Scope
-s Connect to server
-v Verbose

Logging -j (or J) it’s not case sensitive.

I have featured this switch because it is so useful for troubleshooting LDIFDE problems.

The point of logging to a text file is that its permanent compared with the -v verbose mode.  -j creates one or two log files.  It always creates a file called ldif.log, additionally it creates ldif.err if it encounters any errors.

Why not use -l for logging you may ask?  The answer is -l is used for listing LDAP attributes.  Why Microsoft choose -j have no idea!

Example 1:

  1. LDIFDE -f guylog.ldif -j c:\log
  2. If you use C:\log,  the log folder must exist
  3. To open the file I type notepad ldif.log
  4. If there are any errors type notepad ldif.err

Trap: The -j switch over writes existing .log or .err files.  I wish it would create a new file e.g ldif.log1, ldif.log2 – but it does not!

Trap: As far as I can see without the -j switch, no log file is produced.  I mention this as other documentation suggests that you are merely setting the path, in my opinion you are creating the file as well.

Guy Recommends:  SolarWinds’ Free Bulk Import ToolFree Download Solarwinds Bulk Import Tool

Import users from a spreadsheet.  Just provide a list of the users with their fields in the top row, and save as .csv file.  Then launch this FREE utility and match your fields with AD’s attributes, click and import the users.

Optionally, you can provide the name of the OU where the new accounts will be born. Download your FREE bulk import tool.

If you need more comprehensive software, download a free trial of SAM (Server & Application Monitor)

 See also


If you like this page then please share it with your friends


Download your eBook:  How to use LDIFDE commands – only $5.25

LDIFDESave hours of frustration and buy Guy’s eBook.  The extra features include: detailed instructions on how to add and modify user accounts.  Worked LDIFDE examples on changetype: and unicodePwd.

You get a printer friendly version with copy enabled, and no expiry date.




 See also