可以用"ldifde"命令先将数据导出来,修改后再倒入进去;
详细见官方网站:http://technet.microsoft.com/zh-cn/library/cc755456
以下是命令的常用参数:
-----------------------------------------------------------------------------------------------------------
LDIF Directory Exchange
General Parameters
==================
-i Turn on Import Mode (The default is Export)
-f filename Input or Output filename
-s servername The server to bind to (Default to DC of computer's domain)
-c FromDN ToDN Replace occurences of FromDN to ToDN
If either FromDN or ToDN ends with #attributeName, the
attribute value will be looked up in rootDSE and used to
replace #attributeName. See example for "Macro expansion
in DNs".
-v Turn on Verbose Mode
-j path Log File Location
-t port Port Number (default = 389)
-u Use Unicode format
-w timeout Terminate execution if the server takes longer than the
specified number of seconds to respond to an operation
(default = no timeout specified)
-h Enable SASL layer encryption
-? Help
Export Specific
===============
-d RootDN The root of the LDAP search (Default to Naming Context)
-r Filter LDAP search filter (Default to "(objectClass=*)")
-p SearchScope Search Scope (Base/OneLevel/Subtree)
-l list List of attributes (comma separated) to look for
in an LDAP search
-o list List of attributes (comma separated) to omit from
input.
-g Disable Paged Search.
-m Enable the SAM logic on export.
-n Do not export binary values
-x Include deleted objects (tombstones)
-1 Retain only the important replPropertyMetadata
Import
======
-k The import will go on ignoring 'Constraint Violation'
and 'Object Already Exists' errors
-y The import will use lazy commit for better performance
(enabled by default)
-e The import will not use lazy commit
-q threads The import will use the specified number of threads
(default is 1)
-z Continue importing irrespective of errors.
-x Enable tombstone reanimation support (passes deleted
objects control with ldap modify requests)
Credentials Establishment
=========================
Note that if no credentials is specified, LDIFDE will bind as the currently
logged on user, using SSPI.
-a UserDN [Password | *] Simple authentication
-b UserName Domain [Password | *] SSPI bind method
Example: Simple import of current domain
ldifde -i -f INPUT.LDF
Example: Simple export of current domain
ldifde -f OUTPUT.LDF
Example: Export of specific domain with credentials
ldifde -m -f OUTPUT.LDF
-b USERNAME DOMAINNAME *
-s SERVERNAME
-d "cn=users,DC=DOMAINNAME,DC=Microsoft,DC=Com"
-r "(objectClass=user)"
Example: Macro expansion in DNs
ldifde -f export.ldf -c "#configurationNamingContext" "cn=configuration,dc=x"
ldifde -i -f import.ldf -c "cn=configuration,dc=x" "#configurationNamingContext"
No log files were written. In order to generate a log file, please
specify the log file path via the -j option.
