CSVDE Imports user accounts into Active Directory
CSVDE is the type of program that you learn for a specific task and then forget about. Therefore, what you need are a few tried and tested examples to get started. The classic job for CSVDE is to import user accounts into a Windows domain. We often use CSVDE to create users on a test network, our main use for CSVDE is to research LDAP names. What we do is a quick export of Active Directory into a .csv file. Then open that .csv export file with Excel and study the LDAP fields in the first row of the spreadsheet.
Comma – Delimit data with a comma, not tab.
Separated – Split a string of data.
Value -Values, rather than properties.
Data – Deal with data, and don’t worry about the objects.
Exchange – Move data from the spreadsheet into Active Directory (or vica versa).
Think of CSVDE as the engine that drives data into or out of Active Directory. This CSVDE engine has two directions, export and import. The data consists of Active Directory accounts in CSV format. Excel, or a similar spreadsheet, is marvelous at dropping the comma-separated data into columns.
To actually export from Active Directory, all you need is CSVDE -f filename.csv. As export is the default mode, there is no -e switch, so just issue CSVDE, the -f switch and a suitable name.
Whenever you transfer data in the other direction, from the file into Active Directory, you must actively switch CSVDE into import mode. This is why you need the extra the -i parameter.
For example CSVDE -i -f filename.csv.
So you want to use LDIFDE to import users into Active Directory, I suggest that you start with LDIFDE export. My reasoning is this, LDIFDE is a difficult command to master, however, the export switch is far easier to learn than the import. In addition there is less scope for damaging Active Directory when you are exporting.
The key switch is (-i) without this tiny -i switch (Lower case I), LDIFDE will just export information or raise an error message. To master importing user accounts, you must understand the LDAP attributes. Also you need ‘Active Directory Users and Computer’ available for inspecting the users’ properties. Once you have written all the data in your ” .ldf” file then just import the data with a command like this:
ldifde -i -f accounts.ldf -s MyServer
In this example, you use LDIFDE to add a new user named Bill Gates to the Developers organizational unit.
- Start Notepad, and create a new file called Newuser.ldf. (Save the file as with an .ldf extension.)
(Note you will need to substitute the information for your domain!)
- Edit the LDIF file Newuser.ldf, and add the following text :
dn: CN=BillGates, OU=Developers, DC=squidworks, DC=net
cn: Bill Gates
- Save the LDIF file.
- Run LDIFDE to import the new user into Active Directory. Open a ‘dos box’, start run, CMD, then type the following command, and then press Enter.
ldifde –i -f newuser.ldf -s MyServer
- To confirm that the new user has been created, check your Active Directory users and computers snap-in.
When you need to delete objects, firsly you need their dn: attributes. Secondly, on the next line, write a statement for changetype: delete.
Example: If you saved these entries into a file called leavers.ldf
You may needed to add a null value when you have to clear the login script field and have it controlled by a GPO. The following worked for us.
dn: CN=Example User,OU=Example OU,DC=example,DC=network,DC=com
changetype: modify delete: scriptPath-The absence of scriptpath: on the subsequent line after replace: causes an empty/null field to be inserted.