Introduction to LDIFDE Import
Whilst I expect you want to use LDIFDE to import users into Active Directory,
I suggest that you start with LDIFDE export. My reasoning is this: LDIFDE
is a difficult command to master; however, the export switch is far easier to
learn than the import. In addition, there is less scope for damaging Active Directory when you are exporting. Assuming then that you have some
experience - or you are a fast learner - let us master LDIFDE import.
Topics for LDIFDE Import
The key switch is -i. Without this tiny -i switch (lower-case i), LDIFDE will just
export information or raise an error message. To master importing user
accounts, you must understand the LDAP attributes. You also need 'Active Directory Users and Computers'
available for inspecting the users' properties.
Once you have written all the data in your .ldf file then
just import the data with a command like this:
ldifde -i -f accounts.ldf -s BigServer
1. Using LDIFDE to Add a New User
In this example, you use LDIFDE to add a new user named Guy Thomas to the Training
organizational unit.
- Start Notepad, and create a new file called Newuser.ldf. (Save the file with
an .ldf extension.)
(Note: you will need to substitute the information for your domain!)
- Edit the LDIF file Newuser.ldf, and add the following text:
dn: CN=Guy Thomas,OU=Training,DC=computerperformance,DC=com
changetype: add
cn: Guy Thomas
objectClass: user
samAccountName: Guy
givenName: Guy
sn: Thomas
- Save the LDIF file.
- Run LDIFDE to import the new user into Active Directory. Open a 'DOS box'
(Start, Run, CMD), then type the following command, and then press Enter.
ldifde -i -f newuser.ldf -s BigServer
- To confirm that the new user has been created, check your Active Directory Users
and Computers snap-in.
Once you have mastered adding users, experiment with modifying existing
attributes; this is the main advantage of LDIFDE over CSVDE.
The key is the 'changetype:' command in the data file. The three possible
commands are add, modify, and delete.
Changing the password is very difficult. Below is an example but you
really need more details from your eBook to master the 'unicodePwd' syntax.
dn: CN=Guy Thomas, OU=Birmingham, DC=cp,DC=com
changetype: modify
replace: unicodePwd
unicodePwd::IgBZAG8AdQByAE4AZQB3AFAAdwBkACIA
-
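How the unicodePwd value above is built, as an added Python example (not from the original page; function names are hypothetical): the password is wrapped in double quotes, encoded as UTF-16LE, then base64-encoded, so the sample value decodes to "YourNewPwd". Because this is encoding and not encryption, the .ldf file holds a recoverable password, and Active Directory accepts unicodePwd changes only over an encrypted connection.

```python
import base64


def encode_unicode_pwd(password: str) -> str:
    """Return the base64 text that follows 'unicodePwd::' in an LDIF file."""
    # AD expects the password wrapped in double quotes, then UTF-16LE encoded.
    quoted = '"' + password + '"'
    return base64.b64encode(quoted.encode("utf-16-le")).decode("ascii")


def decode_unicode_pwd(b64_value: str) -> str:
    """Reverse the encoding, e.g. to audit .ldf files left on disk."""
    text = base64.b64decode(b64_value, validate=True).decode("utf-16-le")
    if len(text) < 2 or text[0] != '"' or text[-1] != '"':
        raise ValueError("value is not a quoted UTF-16LE password")
    return text[1:-1]


def ldif_line(attr: str, value: str) -> str:
    """Emit 'attr: value', or 'attr:: base64' when the value is not LDIF-safe."""
    # Non-ASCII, control characters or a leading space/colon/'<' need base64;
    # this also stops an embedded newline from smuggling in an extra LDIF line.
    unsafe = (not value.isascii() or any(c in value for c in "\r\n\0")
              or value[:1] in (" ", ":", "<") or value.endswith(" "))
    if unsafe:
        return attr + ":: " + base64.b64encode(value.encode("utf-8")).decode("ascii")
    return attr + ": " + value


def password_record(dn: str, password: str) -> str:
    """Build a complete 'changetype: modify' record that replaces unicodePwd."""
    return "\n".join([
        ldif_line("dn", dn),
        "changetype: modify",
        "replace: unicodePwd",
        "unicodePwd:: " + encode_unicode_pwd(password),
        "-",   # a modify record ends each change with a line holding only '-'
        "",
    ])


if __name__ == "__main__":
    # Constructed sample: the DN from the example above, placeholder password.
    print(password_record("CN=Guy Thomas,OU=Birmingham,DC=cp,DC=com", "YourNewPwd"))
```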
When you need to delete objects, firstly you need their dn: attributes.
Secondly, on the next line, write a statement for changetype: delete.
Example: If you saved these entries into a file called leavers.ldf

dn: CN=Dilbert Seeley,CN=Users,DC=cp
changetype: delete

dn: CN=Psycho Lyon,CN=Users,DC=cp
changetype: delete

dn: CN=Joshua McGinn,CN=Users,DC=cp
changetype: delete

Firstly, some good news. Paul M and Kevan S each wrote in and told me of this solution to the null value problem:
I needed to add a null value when I had to clear the login script field and have it controlled by a
GPO. The following worked for me:
dn: CN=Example User,OU=Example OU,DC=example,DC=network,DC=com
changetype: modify
delete: scriptPath
-
The absence of scriptpath: on the subsequent line
after replace: causes an empty/null field to be inserted.
Note: If it took two people to correct this point, it shows that LDIFDE syntax is tricky.
4b. Blank values - Is Fill SEP an Urban Myth?
Unfortunately, Fill SEP does not work; I was
mistaken when I read this reference:
http://www.openldap.org/lists/openldap-bugs/200212/msg00002.html
Once again I thank Paul M. for writing in with the workable idea for null values - see 4a above.
For more detailed examples see my eBook.