Contents for Ezine 92 - LDIFDE
♣
Let me say at the outset that I am not a great fan of LDIFDE (Lightweight Data Interchange Format, Data Exchange); I prefer VBScript or CSVDE. However, I feel that it is time to give LDIFDE
its moment in the limelight. Despite my dismissive comments, LDIFDE cannot be all bad. For example, Exchange 2003 uses LDIF files to extend the schema. In common with CSVDE, LDIFDE is a built-in executable found in Windows Server 2003 (and 2000). If you need to experiment on an XP machine, simply copy the LDIFDE locally
from the system32 folder on the server. Tip, from the XP machine run \\server\admin$ then browse to the system32 folder. Another similarity between LDIFDE and CSVDE is that they both feed on text
files. The actual LDIFDE executable is simply an engine that processes the Active Directory information you create in the .ldf file. Both LDIFDE and CSVDE can bulk import users, however LDIFDE has a
killer advantage in that you can modify or even delete objects in your Active Directory. Specifically, what I have against LDIFDE is that I cannot manipulate the data in a spreadsheet. I admit
it's possible that I have missed a trick; perhaps someone knows of a clever spreadsheet macro, but for me the LDIFDE files are unwieldy compared with VBScript, which easily feeds ofs my spreadsheet data.
The key skill is LDAP. Whether you use CSVDE, VBScript or LDIFDE you simply must be an expert on LDAP properties, for example sAMAccountName, sn and givenName. My secret of becoming a minor expert
on LDAP was
research with ADSI Edit.
If you are looking for handy network utilities, try some of the free downloads at
Tools4Ever
LDIFDE
StrategyLDIFDE looks for an import or export command, followed by a text file. The text file extension is not important, but the syntax is picky. Here is an example, ldifde -i -f ron.ldf.
The
-i switch means import, while -f introduces the file name. Let us assume that we need to modify the properties of a user called Ron. Previously Ron's office was situated in Cambridge, now we want this Active Directory
value to be changed to
Oxford. When I researched ADSI Edit, I discovered that the LDAP for office was - PhysicalDeliveryOfficeName.
Example 1 - Modify LDAP with LDIFDE
Instructions
1) Change OU,Students to the name of your experimental OU. Alternatively, create an OU called Students.
2) Either create a user called Ron, or else change cn=ron to cn =youruser.
3) Amend DC=CP,DC=mosel to the name of your domain.
Investigate whether you have an extension called DC=Local, or DC=com.
Preparation. With LDAP, the key task is to prepare the text file. Our first line contains Ron's dn: (distinguished name). Writing the DN is not an easy task, but to be fair, once you have worked out one user's dn, it
is relatively easy to adjust the
CN or the OU for other users. (Even so, I still don't like this technique, I prefer a spreadsheet.)
On the second line, we need to tell LDIFDE whether to add, delete, or as in this instance, modify Ron's PhysicalDeliveryOfficeName.
On the third line, I choose the word replace, followed by a colon: then the LDAP property. Again, ADSI Edit is my tool of choice to research the precise LDAP name.
Immerse yourself in the LDIFDE syntax. In particular remember the dash (not underscore) which separates the records.
Copy the script below, save to a know location on a Windows Server, for example C:\scripts\ron.ldf. Next open a CMD prompt type:
1) CD C:\scripts
2)
LDIFDE -i -f ron.ldf
dn: CN=Ron,OU=Students,DC=cp,DC=mosel
changetype: modify
replace: PhysicalDeliveryOfficeName
PhysicalDeliveryOfficeName: Oxford
-
Guy's Learning Points Note 1: changetype: modify. This is a precise instruction to alter the record Note 2: replace: PhysicalDeliveryOfficeName.
You could amend PhysicalDeliveryOfficeName to other LDAP properties, for example displayName. Note 3: PhysicalDeliveryOfficeName: Oxford. Feel free to change Oxford to any location that
you like. Note 4: Investigate Active Directory Users and Computers. In particular right click the OU and select refresh. Check Ron's General tab, Office. Note 5:
Important. Remember that the text file needs a dash (-) to indicate the end of record.
Guy Recommends: SolarWinds LANSurveyor
LANSurveyor will produce a neat diagram of your network topology. But that's
just the start;
LANSurveyor can
create an inventory of the hardware and software
of your machines and network devices. Other neat features include dynamic
update for when you add new devices to your network. I also love the ability to export
the diagrams
to Microsoft Visio.
Finally, Guy bets that if you take a free trial of LANSurveyor then you will
find a device on your network that you had forgotten about, or someone else
installed without you realizing!
Download a Free Trial of LANSurveyor
Example 2. Modify Two Users with LDF FileThis script modifies not one but two user accounts.
dn: CN=Ron,OU=Students,DC=cp,DC=mosel
changetype: modify
replace: PhysicalDeliveryOfficeName
PhysicalDeliveryOfficeName: Birmingham
-
dn: CN=Psycho,OU=Students,DC=cp,DC=mosel
changetype: modify
replace: PhysicalDeliveryOfficeName
PhysicalDeliveryOfficeName: Oxford
-
Guy's Learning Points
Note 1: Each record ends with a dash -. Note 2: The blank line between the two users. Note 3: I have not found a way of putting comments in LDIFDE
text.
Summary of LDIFDELDIFDE is similar to CSVDE. Both are built-in commands on Windows servers. However LDIFDE has the advantage of allowing you to modify existing users. Even so, my advice is to ignore LDIFDE.
Instead master CSVDE and excel spreadsheets.
Their topics and material are ideal for getting you started with VBScript. The
videos are easy to follow and you can control the pace. Try their free demo material and then see if you want to buy the full package.
See more about VB Script Training CD.
|
