Logon Scripts

Guy recommends :
Free Solarwinds
VM Console

Solarwinds VM Console Free Download

Find out which of your VMs are a waste of space and which VMs need more resources.
Custom Search

Guy recommends:
Free network monitor

Solarwinds Network Device Monitor

Solarwinds' free monitor makes it easy to check the performance and health of a router or firewall.

Download your free Network Device Monitor

LDIFDE - Import

Introduction to LDIFDE Import

Whilst I expect you want to use LDIFDE to import users into Active Directory, I suggest that you start with LDIFDE export.  My reasoning is this, LDIFDE is a difficult command to master, however, the export switch is far easier to learn than the import.  In addition there is less scope for damaging Active Directory when you are exporting.  Assuming then that you have some experience - or you are a faster learner - let us master LDIFDE import.

Topics for LDIFDE Import

 ♦

LDIFDE Import

The key switch is -i without this tiny -i switch (Lower case I), LDIFDE will just export information or raise an error message.  To master importing user accounts, you must understand the LDAP attributes.  Also you need 'Active Directory Users and Computer' available for inspecting the users' properties.  Once you have written all the data in your .ldf file then just import the data with a command like this:

ldifde -i -f accounts.ldf -s BigServer

1. Using LDIFDE to Add a New User

In this example, you use LDIFDE to add a new user named Guy Thomas to the Training organizational unit.

  1. Start Notepad, and create a new file called Newuser.ldf. (Save the file as with an .ldf extension.)
    (Note you will need to substitute the information for your domain!)

  2. Edit the LDIF file Newuser.ldf, and add the following text :
    dn: CN=GuyThomas, OU=Training, DC=computerperformance, DC=com
    changetype: add
    cn: Guy Thomas 
    objectClass: user
    samAccountName: Guy
    givenName: Guy
    sn: Thomas

  3. Save the LDIF file.

  4. Run LDIFDE to import the new user into Active Directory.  Open a 'dos box', start run, CMD, then type the following command, and then press Enter.
    ldifde -i -f newuser.ldf -s BigServer

  5. To confirm that the new user has been created, check your Active Directory users and computers snap-in.

2. Modify a User's Attributes

Once you have mastered adding users, then experiment with modifying existing attributes, this is the main advantage of LDIFDE over CSVDE.  The key is the 'changetype: ' command in the data file.  The three possible commands are add, modify, and delete.

Changing the password is very difficult.  Below is an example but you really need more details from your eBook to master the 'unicodePwd' syntax.

dn: CN=Guy Thomas, OU=Birmingham, DC=cp,DC=com
changetype: modify
replace: unicodePwd
unicodePwd::IgBZAG8AdQByAE4AZQB3AFAAdwBkACIA

-

3. Deleting a User

When you need to delete objects, firsly you need their dn: attributes.  Secondly, on the next line, write a statement for changetype: delete.

Example: If you saved these entries into a file called leavers.ldf

dn: CN=Dilbert Seeley,CN=Users,DC=cp
changetype: delete

dn: CN=Psycho Lyon,CN=Users,DC=cp
changetype: delete

dn: CN=Joshua McGinn,CN=Users,DC=cp
changetype: delete

Guy Recommends:  Solarwinds' Free Bulk Import ToolFree Download Bulk Import Tool

Import users from a spreadsheet.  Just provide a list of the users with their fields in the top row, and save as .csv file.  Then launch this FREE utility and match your fields with AD's attributes, click and import the users.  Optionally, you can provide the name of the OU where the new accounts will be born.

There are also two bonus tools in the free download, and all 3 have been approved by Microsoft:

  1. Bulk-import new users into Active Directory.
  2. Seek and zap unwanted user accounts.
  3. Find inactive computers.

Download your FREE bulk import tool.

4a. Blank values - Good news

Firstly, some good news.  Paul M and Kevan S each wrote in and told me of this solution to the Nul value problem:

I needed to add a null value when I had to clear the login script field and have it controlled by a GPO. The following worked for me

dn: CN=Example User,OU=Example OU,DC=example,DC=network,DC=com

changetype: modify

delete: scriptPath

-

The absence of scriptpath: on the subsequent line after replace: causes an empty/null field to be inserted.

Note: If it took two people to correct this point, it shows that LDIFDE syntax is tricky.

4b. Blank values - Is Fill SEP an Urban Myth?

Unfortunately, Fill SEP does not work, I was mistaken when I read this reference.

 http://www.openldap.org/lists/openldap-bugs/200212/msg00002.html

Once again I thank Paul M. for writing in with the workable idea for null values - see 4a above.

 See also

If you like this page then please share it with your friends

 


Download your eBook:  How to use LDIFDE commands - only $5.25

LDIFDESave hours of frustration and buy Guy's eBook.  The extra features include: detailed instructions on how to add and modify user accounts.  Worked LDIFDE examples on changetype: and unicodePwd.

You get a printer friendly version with copy enabled, and no expiry date.

 

 *

Custom Search

Guy Recommends: WMI Monitor and It's Free!Solarwinds WMI Monitor

Windows Management Instrumentation (WMI) is one of the hidden treasures of Microsoft operating systems.

Fortunately, Solarwinds have created the Free WMI Monitor so that you can actually see and understand these gems of performance information.  Take the guess work out of which WMI counters to use for applications like Microsoft Active Directory, SQL or Exchange Server.

Download your free copy of WMI Monitor

 

Home Copyright © 1999-2012 Computer Performance LTD All rights reserved

Please report a broken link, or an error.