Common commandline arguments

Some arguments are common to all exporters.

LDAP query

Required argument!
Short form: -q
Long form: --query
Example: -q "(&(objectCategory=User)(initials=*))"
The query uses the common LDAP filter syntax. Important: Make sure you enclose the query in double quotes, as the commandline will otherwise interpret some special characters (such as the ampersand &)!

Some hints to guide you when writing queries:
  • You can use ADSI-Edit to view common attribute names and other details about them
  • To only return objects which have an attribute set, use attribute=*

Fields to extract

Required argument!
Short form: -f
Long form: --fields
Example: -f initials,givenname,sn,sAMAccountName,department,objectSID
Supply all fields to be extracted and exported as a comma-separated list of AD object attributes. All attributes in LDAP contain an array of values. By default, the first value is retrieved and returned.

New in Version
You can use aggregates to extract details of these value-arrays.
Example: -f objectSID,count(member),all(sidhistory)

The following aggregates are supported:
aggregate   example           details
count       count(member)     Returns the number of values found in the attribute. For example, on groups you can return the number of members in the group by using count(member).
all         all(sidHistory)   Returns all array values as a separated list (by default, the pipe | character is used to separate the array values from one another).
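
The following is an added example, not part of the exporter or its original documentation. It builds the -q and -f arguments described above from a value supplied at runtime, escaping the value per RFC 4515 so it cannot change the structure of the filter. The executable name exporter.exe and the helper names are assumptions.

```python
import subprocess

# Hypothetical executable name; substitute the exporter you actually run.
EXPORTER = "exporter.exe"

# RFC 4515: characters that must be escaped inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def escape_filter_value(value):
    """Escape a literal so it is matched as data, never parsed as filter syntax."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_query(department):
    """Filter for users of one department; the department text is escaped."""
    return "(&(objectCategory=User)(department=%s))" % escape_filter_value(department)


def build_argv(department, fields):
    """Argument list using the documented -q and -f switches."""
    if not fields:
        raise ValueError("-f is a required argument")
    return [EXPORTER, "-q", build_query(department), "-f", ",".join(fields)]


def run_export(argv):
    """Start the exporter without a shell, so & in the query is not interpreted."""
    return subprocess.run(argv, check=True)


if __name__ == "__main__":
    # Constructed sample input containing filter metacharacters.
    sample = "R&D (Berlin)*"
    print(build_argv(sample, ["sAMAccountName", "objectSID", "all(sidhistory)"]))
```

When the same query is typed by hand, the double quotes around it are still required.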

Multi-Value separator

Short form: -m
Long form: --mvsep
Example: -m @
Default: |
The separator is used with the all() aggregate (see above).

LDAP Connection and search-root

Short form: -c
Long form: --conn
Example: -c ldap://
Example: -c LDAP://,DC=mydomain,DC=com
Default: current domain's root
The optional LDAP connection-string can connect to a domain's LDAP root, and can also specify the starting point of the query. Use the DN (distinguished name) information shown in ADSI-Edit to see how this relates.

LDAP user

Short form: -u
Long form: --user
Example: -u MYDOMAIN\myUser
Default: current user
By default, the Windows credentials are used to contact the LDAP server. If you do not have permission to query the target server with the current Windows credentials, you can specify credentials on the commandline. This is especially useful when contacting foreign LDAP servers for which no domain trust exists, or if you wish to query attributes to which regular users have no access.

LDAP password

Short form: -p
Long form: --pwd
Example: -p myPassword
Default: current user
If you omit it on the commandline, you will be prompted for it at runtime (interactive mode!). Important: Usually you should not supply a password here, because commandline arguments can be visible to other users and processes on the machine and may end up in command history or script files. Only when running in a secure environment should a password be supplied on the commandline. A better solution is to ensure that a user with the same user/pwd as the local user exists on the target LDAP machine/domain, or that a trust is established between the domains.
Note: When using the CSV mode to write to the console, you must supply the password on the commandline if you also supply a username!


Quiet flag

Short form: -t
Long form: --quiet
Example: --quiet
Default: false (not specified)

New in Version
The quiet flag reduces output to a minimum. With the SQL exporter, only PRINT statements are displayed. Parameter declaration warnings are also suppressed.

Last edited Jun 25, 2013 at 12:10 PM by uTILLIty, version 4

