First off, let me apologize if this was submitted into the wrong forum. Please let me know what would be the best forum and I will try to move it.
I have recently set up a Server 2008 R2 AD LDS server. The idea was to use this device in the DMZ and have WordPress authenticate against the LDS server. I have a handful of users in an OU that I have exported and then imported into my LDS instance. After some troubleshooting I was able to get this going. Then management requested that a bigger handful also be allowed to authenticate against this instance, but they are all over the place as far as different OUs, and importing this just seemed to be a nightmare. So I had a thought: can I create a universal security group, make all the desired users members of that group, and then export/import my users that way? If so, what would I need to change?
Here is the export command I'm using:
ldifde -f diffXX.ldf -d "DC=xxx,DC=com" -p subtree -r "(&(objectcategory=person)(objectclass=user)(givenname=*))" -l "cn,givenname,objectclass"