dsexport(1)                  General Commands Manual                 dsexport(1)

     dsexport – export records from OpenDirectory

     dsexport [--N] [-r record_list] [-e exclude_attributes]
              [-a address -u username [-p password]] output_file node_path

     The dsexport utility exports records from Open Directory.

     The first argument is the path to the output file.  If the file already
     exists it will be overwritten.

     The second argument is the path to the OpenDirectory node from which the
     records will be read.

     The third argument is the type of record to export.  If the record type
     does not begin with ‘dsRecTypeStandard:’ or ‘dsRecTypeNative:’, the
     dsexport utility will determine if the node supports a standard attribute
     by the specified name; otherwise, dsexport will assume that the record type
     is native.  A warning will be printed if the record type is converted.
     Standard record types can be listed using the following command: ‘dscl -raw
     . -list /’.

     The options are as follows:

     --N     Export all attributes, including native attributes.  By default,
             dsexport only exports standard attributes.

     -r record_list
             Comma-separated list of records to export from the specified node.
             The -r option may be used multiple times to specify additional
             records to export.  If the -r option is not specified, dsexport
             will attempt to export all records.

     -e exclude
             Comma-separated list of attributes that should not be exported.
             The -e option may be used multiple times to specify additional
             attributes to exclude.  The following attributes are always
             excluded: ‘dsAttrTypeStandard:AppleMetaNodeLocation’,
             ‘dsAttrTypeStandard:RecordType’, ‘dsAttrTypeNative:objectClass’.

     -a address
             Address of the desired proxy machine.

     -u username
             Username to use for the proxy connection

     -p password
             Password to use for the proxy connection.  If the -p option is not
             specified, dsexport will interactively prompt for the password.

     When using an LDAP node, please be aware that dsexport can only export as
     many records as the LDAP server is willing to return.  If the LDAP server
     has several thousand users, you may want to raise the maximum number of
     search results that the server returns.  This can be done in Server Admin
     (my.server.com>OpenDirectory>Settings>Protocols tab).  By default this is
     set to 11000 results.

     Export all user records from the local node to ‘export.out’:

           $ dsexport export.out /Local/Default dsRecTypeStandard:Users

     Export the group records for ‘admin’ and ‘staff’ from the LDAPv3 node on a
     proxy machine ‘proxy.machine.com’:

           $ dsexport export.out /LDAPv3/ dsRecTypeStandard:Groups -r
           admin,staff -a proxy.machine.com -u diradmin -p password

     Export augmented users from the LDAPv3 node, including native attributes
     but excluding the PasswordPlus attribute:

           $ dsexport augments.out /LDAPv3/ dsRecTypeStandard:Augments
           --N -e "dsAttrTypeStandard:PasswordPlus"

     The dsexport utility exits 0 on success, and >0 if an error occurs.

     dscl(1), dsimport(1), DirectoryService(8)

macOS 12.1                      20 November 2008                      macOS 12.1