• Csvde Import

The data in the sample CSV files is provided to help you understand the type of values that you can enter. Before you can import the sample data in this file.

This guide introduces batch administration of the Active Directory TM service, using both the LDAP Data Interchange Format (LDIF) utility and a simple program you can write using the Visual Basic® Scripting Edition (VBScript) development system. Using these tools, you can export, import, and modify objects such as users, contacts, groups, servers, printers, and shared folders. On This Page Introduction In this guide, you will perform the following tasks:. Perform batch operations using the LDIFDE utility.

Export users from the Marketing organizational unit (OU) in the Reskit domain into a file format compatible with the LDIF standard format. Perform a batch modification of all the users in the Marketing OU. Use LDIF to create a new user and delete a user.

Perform batch operations using ADSI and VBScript. Export users from the Marketing OU in the Reskit domain into a text file, using a script written with ADSI and VBScript. Use VBScript to perform a batch modification of all the users in the Marketing OU. Use VBScript to create a new user and delete a user. Requirements and Prerequisites You must install the Windows 2000 Server operating system, including Active Directory, on a server in your network. You can then run the Administration Tools from the server or from a workstation running the Windows 2000 Professional operating system.

This step-by-step guide assumes that you have run the procedures in A Common Infrastructure for Windows 2000 Server Deployment Step-by-Step. The common infrastructure documents specify a particular hardware and software configuration. If you are not using the common infrastructure, you need to make the appropriate changes to this document. For the latest information about hardware requirements and compatibility for servers, clients, and peripherals, see the Windows 2000 Product Compatibility search page.

The Administration Tools are installed by default on all Windows 2000-based domain controllers. The LDIFDE utility described in this guide is installed by default on servers, and can be copied to any Windows 2000-based workstation. The VBScript programs that you create can be run from either servers or workstations. For all procedures in this guide, you must be logged on as an administrator. If you log on using an account that does not have administrative privileges, you may not be able to perform export and import operations in Active Directory. Using the LDIFDE Utility The LDAP Data Interchange Format (LDIF) is an Internet draft standard for a file format that can be used for performing batch operations on directories that conform to the LDAP standards.

LDIF can be used to export and import data, allowing batch operations such as Add, Modify, and Delete to be performed in Active Directory. A utility called LDIFDE is included in the Windows 2000 operating system to support batch operations based on the LDIF standard.

Using LDIF to Export All Objects in the Marketing OU You can use LDIFDE to export all objects in the Marketing organizational unit (OU), created in ' '. This example searches the organizational unit for certain objects and creates a file containing the names of those objects.

To export all objects in the Marketing OU. Click Start, point to Programs, then point to Accessories, and click Command Prompt. At the command prompt, type: ldifde -f marketing.ldf -s hq-res-dc-01-d'ou=Marketing,dc= reskit,dc=com'-psubtree–r'(objectCategory=CN=Person,CN=Schema,CN=Configuration,DC=reskit,DC=com)' This creates a LDIF file named Marketing.ldf, by connecting to the server named HQ-RES-DC-01 and executing a subtree search of the Marketing OU for all objects of the category Person.

(See Figure 1 below.) Note that objectCategory is an indexed attribute designed to enhance search performance. Figure 1: Creating an LDF file You can use this LDIF file to perform a batch import of all the objects from the Marketing OU into any other LDAP-compatible directory. Some attributes may not be applicable to other implementations of LDAP. In particular, if you use this mechanism to import the objects into another Active Directory, some attributes must be omitted because they are automatically generated during object creation. (If they are not specifically omitted, the operation will fail.) For example, the LDIFDE command that is used to omit these attributes is: ldifde -f marketing.ldf -s hq-res-dc-01 d 'ou=Marketing,dc= reskit,dc=com'–r '(objectCategory=CN=Person,CN=Schema,CN=Configuration,DC=reskit,DC=com)' –m Using LDIF to Modify All Objects in the Marketing OU In this example, the entire Marketing organization has moved to a new office address. You use LDIF to perform a batch modification for all user objects in the Marketing organization by altering the state, street, locality, and postal code attributes. To modify all objects in the Marketing OU.

Click Start, point to Programs, then point to Accessories, and click Command Prompt. At the command prompt, type the following command to extract the required entries: ldifde -f marketing.ldf -s hq-res-dc-01-d'ou=Marketing,dc= reskit,dc=com'-psubtree–r'(objectCategory=CN=Person,CN=Schema,CN=Configuration,DC=reskit,DC=com)' –l 'l,st,streetAddress, postalCode'. Use a text editor such as Notepad to edit the LDIF file, Marketing.ldf.

(Save the file as an.ldf file.) Modify each entry so that it is similar to that shown in Figure 2 below. Figure 3: Importing modifications into the Active Directory. To confirm that the entries have been modified, check the Active Directory Users and Computers snap-in. (For help with using this snap-in, see the. ) For further information on using LDIFDE, type LDIFDE /?

At the command prompt. Note: Another utility called CSVDE performs the same export functions as LDIFDE, but uses a comma-separated file format. Import operations with CSVDE are 'add' only, and CSVDE does not offer the ability to modify or delete objects. The CSV file format is supported by applications such as Microsoft Excel.

Using LDIF to Create a New User In this example, you use LDIF to add a new user named James Smith to the Marketing organizational unit. Start a text editor, such as Notepad, and create a new text file named Newuser.ldf. (Save the file as an ldif file, not as a text file.). Edit the LDIF file Newuser.ldf, and add the following text (see Figure 4 below): dn: CN=JamesSmith,OU=Marketing,DC=reskit,DC=com changetype: add cn: James Smith objectClass: user samAccountName: James givenName: James sn: Smith. Save and close the LDIF file. Run LDIFDE to import the new user into Active Directory. On the Start menu, point to Programs, then point to Accessories, and click Command Prompt.

Type the following command, and then press Enter. Ldifde –i -f newuser.ldf -s hq-res-dc-01. To confirm that the new user has been created, check the Active Directory Users and Computers snap-in.

Using VBScript and ADSI Active Directory Services Interfaces (ADSI) makes it easy to develop directory-enabled applications. In conjunction with the Windows Script Host, batch directory operations can be scripted using VBScript or Jscript® development software. In this guide, the procedures that were described in the previous section (which used LDIF) are performed using simple applications written in VBScript. Please note that these scripts do not include any error checking, nor are they meant to provide a programmer's reference to VBScript and ADSI. All of the examples included here assume you are logged on with the proper credentials on a machine that is a member of the target domain. It is possible in ADSI to explicitly specify credentials and a target domain. For more information on this, see the documentation on ADSI's OpenDSObject in the Platform SDK.

After each procedure, confirm that the entries have been modified by checking the Active Directory Users and Computers snap-in. Using VBScript to Export All Objects in the Marketing OU In this example, you use a text editor such as Notepad to create a VBScript program. The script searches the Marketing OU and creates a text file that lists all of the user objects and a subset of their attributes. Important Notes The example company, organization, products, people, and events depicted in these step-by-step guides are fictitious.

No association with any real company, organization, product, person, or event is intended or should be inferred. This common infrastructure is designed for use on a private network. The fictitious company name and DNS name used in the common infrastructure are not registered for use on the Internet. Please do not use this name on a public network or Internet. The Active Directory service structure for this common infrastructure is designed to show how Windows 2000 features work and function with the Active Directory. It was not designed as a model for configuring an Active Directory for any organization–for such information see the Active Directory documentation.

Imports and exports data from Active Directory Domain Services (AD DS) using files that store data in the comma-separated value (CSV) format. You can also support batch operations based on the CSV file format standard. Csvde is a command-line tool that is built into Windows Server 2008 in the%windir%/system32 folder. It is available if you have the AD DS or Active Directory Lightweight Directory Services (AD LDS) server role installed. To use csvde, you must run the csvde command from an elevated command prompt. To open an elevated command prompt, click Start, right-click Command Prompt, and then click Run as administrator.

For examples of how to use this command, see Examples. You cannot import user passwords by using csvde because passwords must be sent over an encrypted channel. Csvde does not support Secure Sockets Layer (SSL) or encrypted LDAP communication.

The previous references to passwords relate to the credentials of the user who is running csvde. They are not related to setting passwords for users.

Applications such as Microsoft Excel spreadsheet software are capable of reading and saving data in the CSV format. You can also create CSV files using Notepad; separate the values that you add to your file with commas.

In addition, the Microsoft Exchange Server administration tools are capable of importing and exporting data using the CSV format, as are many other from software developers other than Microsoft. The CSV format consists of one or more lines of data with each value separated by a comma and no spaces between the comma and the next entry. The first line (sometimes referred to as the header) of the CSV file must contain the names of each attribute in the same order as the data in any line following the first line. ObjectClass,dn,givenName,sn,samAccountName,Description user,distinguishedName,1stUserFirstName,1stUserSurname,FirstUserLogonName,Manager user,distinguishedName,2ndUserFirstName,2ndUserSurname,SecondUserLogonName,President.

To see a list of properties that csvde can update, see the appropriate supported interfaces in ADSI Objects of LDAP. For example, to see the properties that can be set for Active Directory user objects, see IADsUser Interface , and then view Properties. You can use csvde -r to create an LDAP search filter for data export. For example, the following filter exports all users with a particular surname.

The following sample file contents are for a domain named Cpandl.com that has organizational units (OUs) named SW Dev, Acct, and AP. The AP OU is subordinate to the Acct OU.

Csvde Import

The first line of the file defines the Active Directory object properties for user accounts to be created by the entries in the rest of the file. The remaining lines are used to create the user accounts. The first user account is created in the default Users container, and the rest of the user accounts are created in the SW Dev, Acct, and AP OUs, respectively.