Contents for Ezine 92 - LDIFDE
Let me say at the outset that I am not a great fan of LDIFDE (Lightweight Data Interchange Format, Data Exchange); I prefer VBScript or CSVDE. However, I feel that it is time to give LDIFDE its moment in the limelight. Despite my dismissive comments, LDIFDE cannot be all bad. For example, Exchange 2003 uses LDIF files to extend the schema.

In common with CSVDE, LDIFDE is a built-in executable found in Windows Server 2003 (and 2000). If you need to experiment on an XP machine, simply copy LDIFDE locally from the system32 folder on the server. Tip: from the XP machine, run \\server\admin$ then browse to the system32 folder.

Another similarity between LDIFDE and CSVDE is that they both feed on text files. The actual LDIFDE executable is simply an engine that processes the Active Directory information you create in the .ldf file. Both LDIFDE and CSVDE can bulk import users; however, LDIFDE has a killer advantage in that you can modify or even delete objects in your Active Directory.

Specifically, what I have against LDIFDE is that I cannot manipulate the data in a spreadsheet. I admit it's possible that I have missed a trick; perhaps someone knows of a clever spreadsheet macro, but for me the LDIFDE files are unwieldy compared with VBScript, which easily feeds off my spreadsheet data.

The key skill is LDAP. Whether you use CSVDE, VBScript or LDIFDE, you simply must be an expert on LDAP properties, for example sAMAccountName, sn and givenName. My secret of becoming a minor expert on LDAP was research with ADSI Edit.
LDIFDE Strategy
LDIFDE looks for an import or export command, followed by a text file. The text file extension is not important, but the syntax is picky. Here is an example: ldifde -i -f ron.ldf. The -i switch means import, while -f introduces the file name.

Let us assume that we need to modify the properties of a user called Ron. Previously Ron's office was situated in Cambridge; now we want this Active Directory value to be changed to Oxford. When I researched ADSI Edit, I discovered that the LDAP name for office was PhysicalDeliveryOfficeName.
Example 1 - Modify LDAP with LDIFDE
Instructions
1) Change OU=Students to the name of your experimental OU. Alternatively, create an OU called Students.
2) Either create a user called Ron, or else change cn=ron to cn=youruser.
3) Amend DC=CP,DC=mosel to the name of your domain. Investigate whether you have an extension called DC=Local, or DC=com.
Preparation. With LDAP, the key task is to prepare the text file. Our first line contains Ron's dn: (distinguished name). Writing the DN is not an easy task, but to be fair, once you have worked out one user's dn, it is relatively easy to adjust the CN or the OU for other users. (Even so, I still don't like this technique, I prefer a spreadsheet.)
On the second line, we need to tell LDIFDE whether to add, delete, or as in this instance, modify Ron's PhysicalDeliveryOfficeName.
On the third line, I choose the word replace, followed by a colon: then the LDAP property. Again, ADSI Edit is my tool of choice to research the precise LDAP name.
Immerse yourself in the LDIFDE syntax. In particular remember the dash (not underscore) which separates the records.
Copy the script below and save it to a known location on a Windows Server, for example C:\scripts\ron.ldf. Next, open a CMD prompt and type:
1) CD C:\scripts
2) LDIFDE -i -f ron.ldf

dn: CN=Ron,OU=Students,DC=cp,DC=mosel
changetype: modify
replace: PhysicalDeliveryOfficeName
PhysicalDeliveryOfficeName: Oxford
-

Guy's Learning Points
Note 1: changetype: modify. This is a precise instruction to alter the record.
Note 2: replace: PhysicalDeliveryOfficeName. You could amend PhysicalDeliveryOfficeName to other LDAP properties, for example displayName.
Note 3: PhysicalDeliveryOfficeName: Oxford. Feel free to change Oxford to any location that you like.
Note 4: Investigate Active Directory Users and Computers. In particular, right click the OU and select refresh. Check Ron's General tab, Office.
Note 5: Important. Remember that the text file needs a dash (-) to indicate the end of record.
Example 2 - Modify Two Users with LDF File
This script modifies not one but two user accounts.

dn: CN=Ron,OU=Students,DC=cp,DC=mosel
changetype: modify
replace: PhysicalDeliveryOfficeName
PhysicalDeliveryOfficeName: Birmingham
-

dn: CN=Psycho,OU=Students,DC=cp,DC=mosel
changetype: modify
replace: PhysicalDeliveryOfficeName
PhysicalDeliveryOfficeName: Oxford
-

Guy's Learning Points
Note 1: Each record ends with a dash -.
Note 2: The blank line between the two users.
Note 3: I have not found a way of putting comments in LDIFDE text.
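Because a malformed .ldf file changes live directory objects, it is worth checking the file before running ldifde -i. The following pre-import check is an added example, not part of the original ezine; it enforces only the rules described in Examples 1 and 2 (dn: first, changetype: second, a dash closing each operation, a blank line between records), and the function names are hypothetical.

```python
import re
# The page's Example 2, rebuilt from one template so the block stays short.
RECORD = ("dn: CN={},OU=Students,DC=cp,DC=mosel\nchangetype: modify\n"
          "replace: PhysicalDeliveryOfficeName\nPhysicalDeliveryOfficeName: {}\n-\n")
EXAMPLE_2 = RECORD.format("Ron", "Birmingham") + "\n" + RECORD.format("Psycho", "Oxford")

def split_records(text):
    """Split LDIF text on blank lines into (first_line_number, lines) pairs."""
    records, record, start = [], [], 0
    for number, line in enumerate(text.splitlines() + [""], 1):
        if line.strip():
            if not record:
                start = number
            record.append(line.rstrip())
        elif record:
            records.append((start, record))
            record = []
    return records

def lint_record(start, lines):
    """Check one record against the syntax rules this page describes."""
    if not lines[0].lower().startswith("dn:"):
        return [(start, "record must begin with a dn: line")]
    for offset, line in enumerate(lines[1:], 1):
        if line.lower().startswith("dn:"):
            return [(start + offset, "second dn: found; blank line between records missing")]
    match = re.match(r"changetype:\s*(\w+)$", lines[1], re.I) if len(lines) > 1 else None
    if not match:
        return [(start + 1, "line after dn: must be changetype:")]
    if match.group(1).lower() != "modify":
        return []  # add and delete records are not checked further here
    problems, expect_op, attr = [], True, ""
    for offset, line in enumerate(lines[2:], 2):
        if line == "-":
            expect_op = True
        elif expect_op:
            op, _, attr = (part.strip() for part in line.partition(":"))
            if op.lower() not in ("add", "replace", "delete") or not attr:
                problems.append((start + offset, "expected add:, replace: or delete: <attribute>"))
            expect_op = False
        elif not line.lower().startswith(attr.lower() + ":"):
            problems.append((start + offset, f"expected '{attr}: value' or a dash (-)"))
    if not expect_op:
        problems.append((start + len(lines) - 1, "operation not closed with a dash (-)"))
    return problems

def lint_ldif(text):
    """Return all (line_number, message) problems; an empty list means clean."""
    return [p for start, lines in split_records(text) for p in lint_record(start, lines)]
```

Run lint_ldif over the file's text and import only when the returned list is empty.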
Summary of LDIFDE
LDIFDE is similar to CSVDE. Both are built-in commands on Windows servers. However, LDIFDE has the advantage of allowing you to modify existing users. Even so, my advice is to ignore LDIFDE. Instead master CSVDE and Excel spreadsheets.
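One way to keep the data in a spreadsheet and still use LDIFDE's modify capability is to generate the .ldf from a CSV export. This sketch is an added example, not the author's method; the cn and office column names and the function names are assumptions. It escapes CN values per RFC 4514 and base64-encodes unsafe values per RFC 2849, so a cell containing a comma or a line break cannot alter the DN or inject extra LDIF lines.

```python
import base64
import csv
import io

# Constructed spreadsheet export; the cn and office column names are assumptions.
SAMPLE_CSV = 'cn,office\nRon,Oxford\n"Smith, Jo",Birmingham\n'

def escape_rdn_value(value):
    """Escape a CN value for use inside a DN (RFC 4514)."""
    out = []
    for i, ch in enumerate(value):
        edge = (i == 0 and ch in "# ") or (i == len(value) - 1 and ch == " ")
        out.append("\\" + ch if edge or ch in '"+,;<>\\' else ch)
    return "".join(out).replace("\x00", "\\00")

def ldif_line(attr, value):
    """Emit 'attr: value', or base64 'attr:: ...' where RFC 2849 requires it."""
    safe = (bool(value) and all(0 < ord(c) < 128 and c not in "\r\n" for c in value)
            and value[0] not in " :<" and value[-1] != " ")
    if safe:
        return f"{attr}: {value}"
    return f"{attr}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"

def modify_record(cn, base_dn, attr, value):
    """Build one 'changetype: modify' record in the layout the page uses."""
    if not cn or not value:
        raise ValueError("cn and value must be non-empty")
    dn = f"CN={escape_rdn_value(cn)},{base_dn}"
    return "\n".join([ldif_line("dn", dn), "changetype: modify",
                      f"replace: {attr}", ldif_line(attr, value), "-"]) + "\n"

def csv_to_ldif(csv_text, base_dn, attr="PhysicalDeliveryOfficeName"):
    """Turn every CSV row into a modify record, blank line between records."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return "\n".join(modify_record(r["cn"], base_dn, attr, r["office"]) for r in rows)

if __name__ == "__main__":
    print(csv_to_ldif(SAMPLE_CSV, "OU=Students,DC=cp,DC=mosel"))
```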