In a previous article on LDIFDE, Extracting AD info quickly and easily with LDIFDE, I explored using the LDIFDE.exe tool to export data. I covered an introduction to the tool itself, basic syntax as well as the fundamentals of using the LDAP search filter to narrow down the output.
In this article, I will discuss two additional features in this area: importing data and the use of CSVDE.exe, an additional utility with similar syntax as LDIFDE, allowing you to output data to or input data from a comma-separated file.
First, let's examine importing using LDIFDE. This can be done in the form of modifying already exported objects or by creating new ones. Objects can also be imported into other LDAP directory services; or objects that were exported from other services can be imported to AD with LDIFDE import. To import, you must use the –i option with the ldifde command, along with at least an input file name and the DC it is to connect to.
The following command imports the objects specified in the input file newusers.ldf on the server ATL-DC1:
Ldifde –i –f newusers.ldf –s ATL-DC1
Modifying user attributes
Suppose the company had moved the engineering department to a new building on the other side of town, giving those users a new street address and postal code. We can script the change with LDIFDE by starting with a dump of the Engineering OU.
C:>ldifde -f Address.ldf -s ATL-DC1 –d "ou=engineering,dc=company,dc=com"
–p onelevel -r " (objectClass=user)" -l "cn,streetAddress,l,city,st,postalCode"
The Address.ldf output file (partial list):
CN=Caroline Carter,OU=Engineering,DC=Company,DC=com
changetype: add
cn: Caroline Carter
dn: CN=Tyler Olsen,OU=Engineering,DC=Company,DC=com
changetype: add
cn: Tyler Olsen
l: Alpharetta
st: GA
postalCode: 30706
streetAddress: 123 Sycamore Court
dn: CN=Abigail witbeck,OU=Engineering,DC=Company,DC=com
changetype: add
cn: kydon witbeck
l: Dunwoody
st: GA
postalCode: 31212
streetAddress: 2109 Karel Court
dn: CN=Carter Urbanawiz,OU=Engineering,DC=Company,DC=com
changetype: add
cn: Matt Urbanawiz
l: Roswell
st: GA
postalCode: 30067
streetAddress: 345 Azalea Drive
dn: CN=Lisa Lichfield,OU=Engineering,DC=Company,DC=com
changetype: add
cn: Lisa Lichfield
Now we can modify the exported Address.ldf file with the needed corrections and import it back into the Engineering OU. Using the exported Address.ldf, you can see that some users didn't have any address attributes and some had their home address listed. By simply editing that .ldf file and inserting the attributes for city, state, street address and postal code, we can quickly import them into the Active Directory. The address.ldf file is modified to change the address to 123 Sycamore Court, Roswell, GA 30706 as follows:
dn: CN=Caroline Carter,OU=Engineering,DC=Company,DC=com
changetype: modify
replace: l
l:Roswell
-
replace: st
st: GA
-
replace: postalCode
postalCode: 30706
-
replace: streetaddress
streetaddress: 123 Sycamore Court
-
dn: CN=Tyler Olsen,OU=Engineering,DC=Company,DC=com
changetype: modify
replace: l
l:Roswell
-
replace: st
st: GA
-
replace: postalCode
postalCode: 30706
-
replace: streetaddress
streetaddress: 123 Sycamore Court
-
This import file has some interesting caveats that will drive you crazy until you figure them out. To save you some time, here they are:
- If you are making changes to an existing object, use the Modify changetype. Note that Caroline Carter didn't have any address attributes -- but we used modify rather than add.
- The syntax to replace an attribute is:
- Replace:<attribute>
- <attribute>:<new value>
- You can specify multiple attribute changes, but each one must be separated with a line containing only a hyphen (-).
- The first attribute replaced is not separated from the changetype line with a hyphen (-).
- Before starting a new Object, separate previous commands with a line containing only a hyphen and a blank line.
The LDIFDE command to import these changes to the AD are:
ldifde –i -f Address.ldf -s ATL-DC1
The results can be viewed in the Users and Computers snap-in as shown in Figure 1.
Figure 1. User Properties of user Caroline Carter show modified values for address fields.
Adding new users
You can add users by creating a text file in the following format. Note that the ObjectClass must be specified and there is a blank line delimiter between the object specifications (and just when you thought you had that stuff with the hyphens figured out):
dn: CN=Spencer Johnson,OU=Engineering,DC=company,DC=com
changetype: add
cn: Spencer Johnson
objectClass: user
l: Roswell
st: GA
postalCode: 30706
streetAddress: 123 Sycamore Court
dn: CN=Carter Urbanawiz,OU=Engineering,DC=company,DC=com
changetype: add
cn: Carter Urbanawiz
objectClass: user
l: Roswell
st: GA
postalCode: 30706
streetAddress: 123 Sycamore Court
dn: CN=Lisa Lichfield,OU=Engineering,DC=company,DC=com
changetype: add
cn: Lisa Lichfield
objectClass: user
l: Roswell
st: GA
postalCode: 30706
streetAddress: 123 Sycamore Court
This file can be used to import the objects to the AD with this command:
Ldifde –i –f addusers.ldf –s atl-dcl
Note: Users imported with LDIFDE in this manner will be automatically disabled in Active Directory.
Users can also be deleted by importing an ldf file and specifying the DN of the user and a changetype of delete:
dn: CN=Carter Urbanawiz,"OU=Engineering,DC=company,DC=com
changetype: delete
dn: CN=Abigail Witbeck,OU=Engineering,DC=company,DC=com
changetype: delete
CSVDE
There is a companion utility, CSVDE, that uses mostly the same commands as LDIFDE, but the input and output is in a comma-separated file. Figure 2 shows the results of taking the comma-separated output of the following command and importing it into an Excel spreadsheet:
Csvde –f exportusers.ldf –s atl-dc1 –d ou=engineering,dc=company,dc=com"
–p onelevel –r "(objectClass=user)"
Note: Import operations with CSVDE are "add" only, and CSVDE does not offer the ability to modify or delete objects.
Figure 2. Output of CSVDE command imported into Excel Spreadsheet.
Obviously there are more powerful scripting tools for bulk import and export of Active Directory objects, such as VBScript and ADSI and other tools in the Windows .NET Framework. The nice thing about LDIFDE and CSVDE is they are simple enough for the average non-programmer to use, and if you don't have the time or expertise to develop a complex script, these tools will probably do the job. There isn't a lot of help from Microsoft on this but I searched Google and found several sites offering e-books (online books) for a small fee. The most impressive one was Jumbo Scripts by Guy Thomas. It covers LDIFDE, CSVDE and Logon scripts. That site has a plethora of free "How To" pages as well as books containing samples of using LDIFDE, CSVDE and WSH for exporting and importing objects into Active Directory.
Gary Olsen is a systems software engineer for Hewlett-Packard in Global Solutions Engineering. He authored Windows 2000: Active Directory Design and Deployment and co-authored Windows Server 2003 on HP ProLiant Servers.
