
I'm able to generate an LDIF export of my Active Directory like this

ldifde -f test-data.ldif
ldifde -f test-data2.ldif -d "CN=Configuration,DC=domain,DC=com"

I then combine these two files together and I have a pretty useful exported LDAP tree.

But when I look into the exported data, the one bit of glaringly missing data is the objectSid values, which are supposed to be exported by default (no need for the -l parameter).

Why is that missing? What can I do to get that included in the export?

So anything such as TokenGroups or anything involving an SID is not working from the exported data.

If I run:

ldifde -f test_objectsid.ldf -d "dc=domain,dc=com" -p subtree -r "(&(objectCategory=person)(objectClass=User)(givenname=*))" -l "objectSid,objectSids,cn,givenName,objectclass,samAccountName"

This does contain objectSids. So what is going on with my first ldifde command?

Nicholas DiPiazza

1 Answer


Ended up being super simple.

My first command just needed to explicitly add -l parameters. Without it, I wasn't getting them.

ldifde -f test-data.ldif -l "objectSid;binary,objectSids,cn,givenName,objectclass,samAccountName,distinguishedName,memberOf,userPrincipalName,primaryGroupID"
Nicholas DiPiazza
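Once the export carries objectSid;binary, each value is a base64-encoded binary SID, so anything consuming the file still has to decode it before "anything involving an SID" works. The script below is an added example, not code from the post or from ldifde: it unfolds and parses a small constructed LDIF fragment, decodes every objectSid into S-1-5-... form, derives each user's primary group SID by appending primaryGroupID to the domain SID (the standard Active Directory convention, which is why primaryGroupID belongs in the -l list), and lists any user or group record that came out without an objectSid, which is the sanity check that would have flagged the first export. The sample data and function names are constructed for this example.

```python
import base64
import struct

# Constructed sample, not from the original post: three records in the shape
# ldifde writes when "objectSid;binary" is requested (base64 after "::", long
# values folded onto continuation lines that begin with one space). The third
# record has no objectSid, mimicking the export the question complains about.
SAMPLE_LDIF = """\
dn: CN=Alice Example,CN=Users,DC=domain,DC=com
changetype: add
objectClass: top
objectClass: person
objectClass: user
cn: Alice Example
sAMAccountName: alice
primaryGroupID: 513
objectSid;binary:: AQUAAAAAAAUVAAAABAMCAQgHBgUMCwoJUQQAAA==

dn: CN=Domain Users,CN=Users,DC=domain,DC=com
changetype: add
objectClass: top
objectClass: group
cn: Domain Users
sAMAccountName: Domain Users
objectSid;binary:: AQUAAAAAAAUVAAAABAMCAQgH
 BgUMCwoJAQIAAA==

dn: CN=Bob Example,CN=Users,DC=domain,DC=com
changetype: add
objectClass: top
objectClass: person
objectClass: user
cn: Bob Example
sAMAccountName: bob
primaryGroupID: 513
"""


def parse_ldif(text):
    """Return a list of records; each is {lowercased attribute: [values]}.
    Values written with "::" are base64-decoded to bytes, others stay str."""
    unfolded = []
    for raw in text.splitlines():
        # LDIF folding: a line starting with one space continues the previous line.
        if raw.startswith(" ") and unfolded:
            unfolded[-1] += raw[1:]
        else:
            unfolded.append(raw)
    records, current = [], {}
    for line in unfolded:
        if not line.strip():          # blank line ends a record
            if current:
                records.append(current)
                current = {}
            continue
        if line.startswith("#"):
            continue
        name, _, value = line.partition(":")
        if value.startswith(":"):     # "attr:: <base64>"
            value = base64.b64decode(value[1:].strip())
        else:
            value = value.strip()
        current.setdefault(name.strip().lower(), []).append(value)
    if current:
        records.append(current)
    return records


def decode_sid(blob):
    """Convert the binary SID layout (revision, sub-authority count, 48-bit
    big-endian identifier authority, little-endian 32-bit sub-authorities)
    to the familiar S-1-5-... string."""
    if len(blob) < 8:
        raise ValueError("SID too short")
    revision, count = blob[0], blob[1]
    if len(blob) != 8 + 4 * count:
        raise ValueError("SID length does not match sub-authority count")
    authority = int.from_bytes(blob[2:8], "big")
    subs = struct.unpack("<%dI" % count, blob[8:])
    return "-".join(["S", str(revision), str(authority)] + [str(s) for s in subs])


def primary_group_sid(object_sid, primary_group_id):
    """Primary group SID = domain SID (objectSid minus its RID) + primaryGroupID."""
    domain_sid = object_sid.rsplit("-", 1)[0]
    return "%s-%s" % (domain_sid, primary_group_id)


def sid_summary(ldif_text):
    """{sAMAccountName: (objectSid, primaryGroupSid or None)} for records with a SID."""
    out = {}
    for rec in parse_ldif(ldif_text):
        values = rec.get("objectsid;binary") or rec.get("objectsid")
        if not values:
            continue
        sid = decode_sid(values[0]) if isinstance(values[0], bytes) else values[0]
        pgid = rec.get("primarygroupid")
        out[rec["samaccountname"][0]] = (sid, primary_group_sid(sid, pgid[0]) if pgid else None)
    return out


def missing_sid_dns(ldif_text):
    """DNs of user or group records exported without an objectSid, i.e. the
    symptom the question describes."""
    missing = []
    for rec in parse_ldif(ldif_text):
        classes = {c.lower() for c in rec.get("objectclass", [])}
        has_sid = "objectsid;binary" in rec or "objectsid" in rec
        if classes & {"user", "group"} and not has_sid:
            missing.append(rec["dn"][0])
    return missing


if __name__ == "__main__":
    for name, (sid, pg) in sid_summary(SAMPLE_LDIF).items():
        print(name, sid, "primary group:", pg)
    print("records without objectSid:", missing_sid_dns(SAMPLE_LDIF))
```

Run it against a real ldifde export by reading the file into `ldif_text` instead of SAMPLE_LDIF; an empty result from `missing_sid_dns` confirms the -l list did what the answer says.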