Introduction to LDIFDE Import
Whilst I expect you want to use LDIFDE to import users into Active Directory, I suggest that you start with LDIFDE export. My reasoning is this, LDIFDE is a difficult command to master, however, the export switch is far easier to learn than the import. In addition there is less scope for damaging Active Directory when you are exporting. Assuming then that you have some experience – or you are a faster learner – let us master LDIFDE import.
Topics for LDIFDE Import
- LDIFDE Import – Add
- LDIFDE Import – Modify
- LDIFDE Import – Delete
- LDIFDE – FILL SEP
- Download your eBook: How to use LDIFDE commands – only $5.25
♦
LDIFDE Import
The key switch is -i without this tiny -i switch (Lower case I), LDIFDE will just export information or raise an error message. To master importing user accounts, you must understand the LDAP attributes. Also you need ‘Active Directory Users and Computer’ available for inspecting the users’ properties. Once you have written all the data in your .ldf file then just import the data with a command like this:
ldifde -i -f accounts.ldf -s BigServer
1. UsingLDIFDE to Add a New User
In this example, you use LDIFDE to add a new user named Guy Thomas to the Training organizational unit.
Start Notepad, and create a new file called Newuser.ldf. (Save the file as with an .ldf extension.)
(Note you will need to substitute the information for your domain!)Edit the LDIF file Newuser.ldf, and add the following text :
dn: CN=GuyThomas, OU=Training, DC=computerperformance, DC=com
changetype: add
cn: Guy Thomas
objectClass: user
samAccountName: Guy
givenName: Guy
sn: ThomasSave the LDIF file.
Run LDIFDE to import the new user into Active Directory. Open a ‘dos box’, start run, CMD, then type the following command, and then press Enter.
ldifde -i -f newuser.ldf -s BigServerTo confirm that the new user has been created, check your Active Directory users and computers snap-in.
2.Modify a User’s Attributes
Once you have mastered adding users, then experiment with modifying existing attributes, this is the main advantage of LDIFDE over CSVDE. The key is the ‘changetype: ‘ command in the data file. The three possible commands are add, modify, and delete.
Changing the password is very difficult. Below is an example but you really need more details from your eBook to master the ‘unicodePwd’ syntax.
dn: CN=Guy Thomas, OU=Birmingham, DC=cp,DC=com
changetype: modify
replace: unicodePwd
unicodePwd::IgBZAG8AdQByAE4AZQB3AFAAdwBkACIA
–
3. Deleting a User
When you need to delete objects, firsly you need their dn: attributes. Secondly, on the next line, write a statement for changetype: delete.
Example: If you saved these entries into a file called leavers.ldf
dn: CN=Dilbert Seeley,CN=Users,DC=cp
changetype: delete
dn: CN=Psycho Lyon,CN=Users,DC=cp
changetype: delete
dn: CN=Joshua McGinn,CN=Users,DC=cp
changetype: delete
Guy Recommends: SolarWinds’ Free Bulk Import Tool
Import users from a spreadsheet. Just provide a list of the users with their fields in the top row, and save as .csv file. Then launch this FREE utility and match your fields with AD’s attributes, click and import the users.
Optionally, you can provide the name of the OU where the new accounts will be born. Download your FREE bulk import tool.
If you need more comprehensive software, download a free trial of SAM (Server & Application Monitor)
4a.Blank values – Good news
Firstly, some good news. Paul M and Kevan S each wrote in and told me of this solution to the Nul value problem:
I needed to add a null value when I had to clear the login script field and have it controlled by a GPO. The following worked for me
dn: CN=Example User,OU=Example OU,DC=example,DC=network,DC=com
changetype: modify
delete: scriptPath
–
The absence of scriptpath: on the subsequent line after replace: causes an empty/null field to be inserted.
Note: If it took two people to correct this point, it shows that LDIFDE syntax is tricky.
4b. Blank values – Is Fill SEP an Urban Myth?
Unfortunately, Fill SEP does not work, I was mistaken when I read this reference.
http://www.openldap.org/lists/openldap-bugs/200212/msg00002.html
Once again I thank Paul M. for writing in with the workable idea for null values – see 4a above.
See also
If you like this page then please share it with your friends
Download your eBook: How to use LDIFDE commands – only $5.25
Save hours of frustration and buy Guy’s eBook. The extra features include: detailed instructions on how to add and modify user accounts. Worked LDIFDE examples on changetype: and unicodePwd.
You get a printer friendly version with copy enabled, and no expiry date.
