Earlier, I realized My AD export is not grabbing all object attributes.
In the original AD export script, I was actually defining fields to export using -l argument:
-l “cn,givenName,objectclass,samAccountName”
You can get pretty complex with LDIFDE.exe (for help see): #> ldifde /?
Omitting the -l argument in the export script exported ALL object attributes.
That made for a messy import (Exchange Attributes get exported as well)…
So the -l argument allows you to pick and choose which attributes you want.
To fit my basic case, I used:
-l “cn,givenName,initials,sn,distinguishedName,mail,objectclass,samAccountName”
