Step-by-Step Guide to Bulk Import and Export to Active Directory



Similar documents
Step-by-Step Guide to Active Directory Bulk Import and Export

HOW TO: Customise the style of the display name in Active Directory Users and Computers and the GAL

Module 4: Implementing User, Group, and Computer Accounts

Module 1: Introduction to Active Directory Infrastructure

Module 3: Implementing an Organizational Unit Structure

How To Set Up A Webmin Account On A Libc (Libc) On A Linux Server On A Windows 7.5 (Amd) With A Password Protected Password Protected (Windows) On An Ubuntu (Amd

Active Directory Commands ( )

HOW TO SILENTLY INSTALL CLOUD LINK REMOTELY WITHOUT SUPERVISION

Troubleshooting Active Directory Server

Here, we will discuss step-by-step procedure for enabling LDAP Authentication.

Tool Tip. SyAM Management Utilities and Non-Admin Domain Users

Using LDAP Authentication in a PowerCenter Domain

Windows Server 2003 Logon Scripts Paul Flynn

AD Schema Update IPBrick iportalmais

TechJam Active Directory Auditing Presenter Matt Warburton Professional Services

Specops Command. Installation Guide

Modifying the Active Directory Schema to Support Mac Systems

The following gives an overview of LDAP from a user's perspective.

Introduction Installing and Configuring the LDAP Server Configuring Yealink IP Phones Using LDAP Phonebook...

Integrating PISTON OPENSTACK 3.0 with Microsoft Active Directory

How To Enable A Websphere To Communicate With Ssl On An Ipad From Aaya One X Portal On A Pc Or Macbook Or Ipad (For Acedo) On A Network With A Password Protected (

TECHNICAL DOCUMENTATION SPECOPS DEPLOY / APP 4.7 DOCUMENTATION

User Management Tool 1.5

How To - Implement Single Sign On Authentication with Active Directory

BlackShield ID. QUICKStart Guide. Integrating Active Directory Lightweight Services

User Management Resource Administrator. Managing LDAP directory services with UMRA

EventTracker: Support to Non English Systems

WebSpy Vantage Ultimate 2.2 Web Module Administrators Guide

Integration Guide. SafeNet Authentication Service. Integrating Active Directory Lightweight Services

Microsoft Windows Server 2008 Active Directory, Configuring

Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services

Course 6425B: Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services

Mailbox Recovery for Microsoft Exchange 2000 Server. Published: August 2000 Updated: July 2002 Applies To: Microsoft Exchange 2000 Server SP3

Out n About! for Outlook Electronic In/Out Status Board. Administrators Guide. Version 3.x

11 essential tools for managing Active Directory

Autograph 3.3 Network Installation

Administrator s Guide

Automatic Network Deployment

AdminToys Suite. Installation & Setup Guide

ProxySG TechBrief LDAP Authentication with the ProxySG

User Management Tool 1.6

ADMT v3 Migration Guide

PC Power Down. MSI Deployment Guide

Application Note. SA Server and ADAM

IPBrick - Member of AD domain IPBrick iportalmais

How To Authenticate On An Xtma On A Pc Or Mac Or Ipad (For A Mac) On A Network With A Password Protected (For An Ipad) On An Ipa Or Ipa (For Mac) With A Log

Restructuring Active Directory Domains Within a Forest

How to monitor AD security with MOM

LDAP Server Configuration Example

Windows Clients and GoPrint Print Queues

Authoring for System Center 2012 Operations Manager

ACTIVE DIRECTORY DEPLOYMENT

Administrator s Guide

Deployment of Keepit for Windows

LDAP Implementation AP561x KVM Switches. All content in this presentation is protected 2008 American Power Conversion Corporation

Intel Entry Storage System SS4200-E Active Directory Implementation and Troubleshooting

Field Description Example. IP address of your DNS server. It is used to resolve fully qualified domain names

Windows Security Scoring Tool Implementation Guide v2.0.1

Technical Bulletin 005 Revised 2010/12/10

Installation Guide. . All right reserved. For more information about Specops Inventory and other Specops products, visit

Alert Notification of Critical Results (ANCR) Public Domain Deployment Instructions

PingFederate. IWA Integration Kit. User Guide. Version 3.0

CHAPTER THREE. Managing Groups

Installation and Configuration Guide

ALTIRIS CONNECTOR 6.0 FOR ACTIVE DIRECTORY HELP

Guide to deploy MyUSBOnly via Windows Logon Script Revision 1.1. Menu

Managing Identities and Admin Access

Configuring Microsoft Active Directory for Oracle Net Naming. An Oracle White Paper April 2014

Deploying Personal Virtual Desktops by Using RemoteApp and Desktop Connection Step-by-Step Guide

ContentWatch Auto Deployment Tool

Installation Guide - Client. Rev 1.5.0

Integration with Active Directory

Active Directory Disaster Recovery Workshop. Lab Manual Revision 1.7

PowerBroker Identity Services. Programmer's Guide

Configuring Microsoft Active Directory 2003 for Net Naming. An Oracle White Paper September 2008

How to Order and Install Odette Certificates. Odette CA Help File and User Manual

Using Internet or Windows Explorer to Upload Your Site

Outpost Network Security

Technical Reference: Deploying the SofTrack MSI Installer

ADMT v3.1 Guide: Migrating and Restructuring Active Directory Domains

SOLAARsecurity. Administrator Software Manual Issue 2

Novell ZENworks Asset Management 7.5

Upgrading User-ID. Tech Note PAN-OS , Palo Alto Networks, Inc.

LDAP Server Configuration Example

PLANNING AND DESIGNING GROUP POLICY, PART 1

MailStore Outlook Add-in Deployment

NSi Mobile Installation Guide. Version 6.2

How to - Install EventTracker and Change Audit Agent

How to Order and Install Odette Certificates. Odette CA Help File and User Manual

XenDesktop Implementation Guide

Active Directory and Cisco CallManager Integration Troubleshooting Guide

Stellar Active Directory Manager

How to Order and Install Odette Certificates. Odette CA Help File and User Manual

HELP DOCUMENTATION UMRA USER GUIDE

RSA Authentication Manager 7.1 Microsoft Active Directory Integration Guide

Installing Windows Rights Management Services with Service Pack 2 Step-by- Step Guide

Configuration Guide. BES12 Cloud

Transcription:

All Products Support Search microsoft.com Guide Windows 2000 Home Windows 2000 Worldwide Search This Site Go Advanced Search Windows 2000 > Technical Resources > Step-by-Step Guides Step-by-Step Guide to Bulk Import and Export to Active Directory Windows 2000 Product Information How to Buy Technical Resources Downloads Support Technologies Partners Windows Server Community Windows Family Windows Update Posted: February 16, 2000 Introduction This guide introduces batch administration of the Active Directory TM service, using both the LDAP Data Interchange Format (LDIF) utility and a simple program you can write using the Visual Basic Scripting Edition (VBScript) development system. Using these tools, you can export, import, and modify objects such as users, contacts, groups, servers, printers, and shared folders. In this guide, you will perform the following tasks: Perform batch operations using the LDIFDE utility. Export users into a file format compatible with the LDIF standard format. Perform a batch modification of all the users. Use LDIF to create a new user and delete a user. Perform batch operations using ADSI and VBScript. Export users into a text file, using a script written with ADSI and VBScript. Use VBScript to perform a batch modification of all the users. Use VBScript to create a new user and delete a user. Requirements and Prerequisites You must install the Windows 2000 Server operating system, including Active Directory, on a server in your network. You can then run the Administration Tools from the server or from a workstation running the Windows 2000 Professional operating system. This step-by-step guide assumes that you have run the procedures in A Common Infrastructure for Windows 2000 Server Deployment Step-by-Step Parts 1 and 2. ON THIS PAGE Introduction Important Notes Using the LDIFDE utility Using VBScript and ADSI RELATED LINKS Part 1: Installing a Windows 2000 Server as a Domain Controller Part 2: Installing a Windows 2000 Professional Workstation and Connecting it to a Domain Windows 2000 Server Online Help Windows 2000 Planning and Deployment Guide Directory Services Windows 2000/NT Forum LDIF draft standard, draft-good-ldap-ldif-05.txt The common infrastructure documents specify a particular hardware and software configuration. If you are not using the common infrastructure, you need to make the appropriate changes to this document. For the latest information about hardware requirements and compatibility for servers, clients, and peripherals, see the Windows 2000 Product Compatibility search page. The Administration Tools are installed by default on all Windows 2000-based domain controllers. The LDIFDE utility described in this guide is installed by default on servers, and can be copied to any Windows 2000-based workstation. The VBScript programs that you create can be run from either servers or workstations. For all procedures in this guide, you must be logged on as an administrator. If you log on using an account that does not have administrative privileges, you may not be able to perform export and import operations in Active Directory. Important Notes The names of the company, organization, products, people, and events used in these step-by-step guides are fictitious. No association with any real company, organization, product, person, or event is intended or should be inferred. The step-by step guides are based on a common infrastructure designed for use on a private network. The fictitious company name and DNS name used in this common infrastructure are not registered for use on the Internet. Please do not use this name on a public network or the Internet. The Active Directory service structure for this common infrastructure is designed to show how Windows 2000 features work and function with the Active Directory. It was not designed as a model for configuring an Active Directory for any organization -- for such information see the Active Directory documentation. For more information about the common infrastructure, see the "Requirements and Prerequisites" section of this document. Using the LDIFDE utility The LDAP Data Interchange Format (LDIF) is an Internet draft standard for a file format that can be used for 1 of 6 31/12/2002 12:47

performing batch operations on directories that conform to the LDAP standards. LDIF can be used to export and import data, allowing batch operations such as Add, Modify, and Delete to be performed in Active Directory. A utility called LDIFDE is included in the Windows 2000 operating system to support batch operations based on the LDIF standard. Using LDIF to Export All Objects in the Marketing OU You can use LDIFDE to export all objects in the Marketing organizational unit (OU), created in "Step-by-Step Guide to Common Infrastructure Part 1". This example searches the organizational unit for certain objects and creates a file containing the names of those objects. To export all objects in the Marketing OU 2. Click Start, point to Programs, then point to Accessories, and click Command Prompt. At the command prompt, type: ldifde -f marketing.ldf -s hq-res-dc-01-d"ou=marketing,dc= reskit,dc=com"-psubtree r"(objectcategory=cn=person,cn=schema,cn=configuration,dc=reskit,dc=com)" This creates a LDIF file named Marketing.ldf, by connecting to the server named HQ-RES-DC-01 and executing a subtree search of the Marketing OU for all objects of the category Person. (See Figure 1 below.) Note that objectcategory is an indexed attribute designed to enhance search performance. Figure Creating an LDF file You can use this LDIF file to perform a batch import of all the objects from the Marketing OU into any other LDAP-compatible directory. Some attributes may not be applicable to other implementations of LDAP. In particular, if you use this mechanism to import the objects into another Active Directory, some attributes must be omitted because they are automatically generated during object creation. (If they are not specifically omitted, the operation will fail.) For example, the LDIFDE command that is used to omit these attributes is: ldifde -f marketing.ldf -s hq-res-dc-01 d "ou=marketing,dc= reskit,dc=com" r >"(objectcategory=cn=person,cn=schema,cn=configuration,dc=reskit,dc=com)" m Using LDIF to Modify All Objects in the Marketing OU In this example, the entire Marketing organization has moved to a new office address. You use LDIF to perform a batch modification for all user objects in the Marketing organization by altering the state, street, locality, and postal code attributes. To modify all objects in the Marketing OU 2. Click Start, point to Programs, then point to Accessories, and click Command Prompt. At the command prompt, type the following command to extract the required entries: ldifde -f marketing.ldf -s hq-res-dc-01-d"ou=marketing,dc= reskit,dc=com"-psubtree r"(objectcategory=cn=person,cn=schema,cn=configuration,dc=reskit,dc=com)" l "l,st,streetaddress, postalcode" 3. Use a text editor such as Notepad to edit the LDIF file, Marketing.ldf. (Save the file as an.ldf file.) Modify each entry so that it is similar to that shown in Figure 2 below. 2 of 6 31/12/2002 12:47

4. Figure 2. Editing attributes for a move Run LDIFDE to import the modifications into Active Directory. At the command prompt, type the following command, and then press > Enter. (See Figure 3 below.) ldifde i -f marketing.ldf -s hq-res-dc-01 Figure 3. Importing modifications into the Active Directory 5. To confirm that the entries have been modified, check the Active Directory Users and Computers snap-in. (For help with using this snap-in, see the Step-by-Step Guide to Managing the Active Directory.) For further information on using LDIFDE, type LDIFDE /? at the command prompt. Note: Another utility called CSVDE performs the same export functions as LDIFDE, but uses a comma-separated file format. Import operations with CSVDE are add only, and CSVDE does not offer the ability to modify or delete objects. The CSV file format is supported by applications such as Microsoft Excel. Using LDIF to Create a New User In this example, you use LDIF to add a new user named James Smith to the Marketing organizational unit. Start a text editor, such as Notepad, and create a new text file named Newuser.ldf. (Save the file as an ldif file, not as a text file.) 2. Edit the LDIF file Newuser.ldf, and add the following text (see Figure 4 below): dn: CN=JamesSmith,OU=Marketing,DC=reskit,DC=com changetype: add cn: James Smith objectclass: user samaccountname: James > givenname: James > sn: Smith 3. Save and close the LDIF file. 4. Run LDIFDE to import the new user into Active Directory. On the Start menu, point to Programs, then point to Accessories, and click Command Prompt. Type the following command, and then press Enter. ldifde i -f newuser.ldf -s hq-res-dc-01 5. To confirm that the new user has been created, check the Active Directory Users and Computers snap-in. Figure 4. Adding a new user to the Marketing OU Using LDIF to Delete a User 3 of 6 31/12/2002 12:47

In this example, you use LDIF to remove the user named James Smith from the Marketing OU. 2. Start a text editor such as Notepad, and create a new file named Deluser.ldf. Edit the LDIF file Deluser.ldf, and add the following text. dn: CN=JamesSmith,OU=Marketing,DC=reskit,DC=com changetype: delete 3. Figure 5. Remove James Smith from OU Run LDIFDE to delete the user from Active Directory. At the command prompt, type the following command, and then press Enter. ldifde i -f deluser.ldf -s hq-res-dc-01 4. To confirm that the user has been deleted, check the Active Directory Users and Computers snap-in. Using VBScript and ADSI Active Directory Services Interfaces (ADSI) makes it easy to develop directory-enabled applications. In conjunction with the Windows Script Host, batch directory operations can be scripted using VBScript or Jscript development software. In this guide, the procedures that were described in the previous section (which used LDIF) are performed using simple applications written in VBScript. Please note that these scripts do not include any error checking, nor are they meant to provide a programmer s reference to VBScript and ADSI. All of the examples included here assume you are logged on with the proper credentials on a machine that is a member of the target domain. It is possible in ADSI to explicitly specify credentials and a target domain. For more information on this, see the documentation on ADSI s OpenDSObject in the Platform SDK. After each procedure, confirm that the entries have been modified by checking the Active Directory Users and Computers snap-in. Using VBScript to Export All Objects in the Marketing OU In this example, you use a text editor such as Notepad to create a VBScript program. The script searches the Marketing OU and creates a text file that lists all of the user objects and a subset of their attributes. To create the export script Copy the following text into your text editor: 'Global variables Dim ocontainer Dim OutPutFile Dim FileSystem 'Initialize global variables Set FileSystem = WScript.CreateObject("Scripting.FileSystemObject") Set OutPutFile = FileSystem.CreateTextFile("marketing.txt", True) SetoContainer=GetObject("LDAP://OU=marketing,DC=reskit,DC=com") 'Enumerate Container EnumerateUsers ocontainer 'Clean up OutPutFile.Close Set FileSystem = Nothing WScript.Quit(0) Sub EnumerateUsers(oCont) Dim ouser For Each ouser In ocont Select Case LCase(oUser.Class) Case "user" If Not IsEmpty(oUser.distinguishedName) Then OutPutFile.WriteLine "dn: " & ouser.distinguishedname If Not IsEmpty(oUser.name) Then 4 of 6 31/12/2002 12:47

OutPutFile.WriteLine "name: " & ouser.get ("name") 'need to do this because ouser.name would get back the Relative Distinguished name (i.e. CN=Jo Brown) If Not IsEmpty(oUser.st) Then OutPutFile.WriteLine "st: " & ouser.st If Not IsEmpty(oUser.streetAddress) Then OutPutFile.WriteLine "streetaddress: " & ouser.streetaddress Case "organizationalunit", "container" EnumerateUsers ouser End Select OutPutFile.WriteLine Next End Sub 2. Save the file as Export.vbs. 3. At the command prompt type export.vbs and press Enter. This creates a file named Marketing.txt, which contains a list of users and some of their attributes, such as distinguished name, name, state, and street address. With appropriate modification, this script can be used with any application that supports COM and Visual Basic technologies. Such applications include Microsoft Visual Basic, Microsoft Excel, and Microsoft Access. Scripting can also be hosted by Internet Explorer and Internet Information Services 5.0, which is part of Windows 2000 Server. Using VBScript to Modify All Objects in the Marketing OU In this example, the Marketing organization has moved to a new office address. A simple VBScript program is used to perform a batch modification for all user objects in the Marketing organization. The script alters the state, street, locality, and postal code attributes. Copy the following text into your text editor: Dim ocontainer Set ocontainer=getobject("ldap://ou=marketing,dc=reskit,dc=com") ModifyUsers ocontainer 'cleanup Sub ModifyUsers(oObject) Dim ouser oobject.filter = Array("user") For Each ouser in oobject ouser.put "st","new York" ouser.put "streetaddress","825 Eighth Avenue" ouser.put "postalcode","10019" ouser.put "l","new York" ouser.setinfo Next End Sub 2. Save the file as Modify.vbs. 3. At the command prompt, type modify.vbs and press Enter. This processes all objects in the Marketing organizational unit and modifies all users, altering the state, street address, postal code, and locality attributes. Using VBScript to Create a User Object in the Marketing OU In this example, you use VBScript to add a new user to the Marketing organization. This example illustrates how easy it is to use ADSI and VBScript to programmatically access the directory. Note that in this example, only a limited set of attributes are configured during the user creation. To create the script and add the user 5 of 6 31/12/2002 12:47

Copy the following text into your text editor: of new Dim ocontainer 'Parent container user Dim ouser 'Created user 'Get parentcontainersetocontainer=getobject("ldap://ou=marketing,dc=reskit,dc=com") 'Create user Set ouser = ocontainer.create("user","cn=jo Brown") 'Assign properties values to user ouser.put "samaccountname","jo" ouser.put "givenname","jo" ouser.put "sn","brown" ouser.put "userprincipalname","jo@reskit.com" ouser.setinfo 'Clean up Set ouser = Nothing 2. Save the file as Adduser.vbs. 3. At the command prompt, type adduser.vbs and press Enter. This creates a new user named Jo Brown in the Marketing OU. Using VBScript to Delete a User In this example, you use VBScript to delete a user from the Marketing organization. Copy the following text into your text editor: Dim ocontainer 'Parent container of object to be deleted 'Get parent container Set ocontainer=getobject("ldap://ou=marketing,dc=reskit,dc=com") 'Delete user ocontainer.delete "user","cn=jo Brown" 'Clean up 2. Save the file as Deluser.vbs. 3. At the command prompt, type deluser.vbs and press Enter. This deletes the user Jo Brown from the Marketing OU. Contact Us E-Mail This Page Free Newsletters 2002 Microsoft Corporation. All rights reserved. Terms of Use. Privacy Statement Accessibility 6 of 6 31/12/2002 12:47

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information