LDIFDE – Import

Whilst I expect you want to use LDIFDE to import users into Active Directory, I suggest that you start with LDIFDE export. My reasoning is this, LDIFDE is a difficult command to master, however, the export switch is far easier to learn than the import. In addition there is less scope for damaging Active Directory when you are exporting. Assuming then that you have some experience – or you are a faster learner – let us master LDIFDE import.

Topics for LDIFDE Import

LDIFDE Import

The key switch is -i without this tiny -i switch (Lower case I), LDIFDE will just export information or raise an error message. To master importing user accounts, you must understand the LDAP attributes. Also you need ‘Active Directory Users and Computer’ available for inspecting the users’ properties. Once you have written all the data in your .ldf file then just import the data with a command like this:

ldifde -i -f accounts.ldf -s BigServer

1. UsingLDIFDE to Add a New User

In this example, you use LDIFDE to add a new user named Guy Thomas to the Training organizational unit.

  1. Start Notepad, and create a new file called Newuser.ldf. (Save the file as with an .ldf extension.)
    (Note you will need to substitute the information for your domain!)
  2. Edit the LDIF file Newuser.ldf, and add the following text :
    dn: CN=GuyThomas, OU=Training, DC=computerperformance, DC=com
    changetype: add
    cn: Guy Thomas
    objectClass: user
    samAccountName: Guy
    givenName: Guy
    sn: Thomas
  3. Save the LDIF file.
  4. Run LDIFDE to import the new user into Active Directory. Open a ‘dos box’, start run, CMD, then type the following command, and then press Enter.
    ldifde -i -f newuser.ldf -s BigServer
  5. To confirm that the new user has been created, check your Active Directory users and computers snap-in.

2.Modify a User’s Attributes

Once you have mastered adding users, then experiment with modifying existing attributes, this is the main advantage of LDIFDE over CSVDE. The key is the ‘changetype: ‘ command in the data file. The three possible commands are add, modify, and delete.

Changing the password is very difficult. Below is an example but you really need more details from your eBook to master the ‘unicodePwd’ syntax.

dn: CN=Guy Thomas, OU=Birmingham, DC=cp,DC=com
changetype: modify
replace: unicodePwd
unicodePwd::IgBZAG8AdQByAE4AZQB3AFAAdwBkACIA

3. Deleting a User

When you need to delete objects, firsly you need their dn: attributes. Secondly, on the next line, write a statement for changetype: delete.

Example: If you saved these entries into a file called leavers.ldf

dn: CN=Dilbert Seeley,CN=Users,DC=cp
changetype: delete

dn: CN=Psycho Lyon,CN=Users,DC=cp
changetype: delete

dn: CN=Joshua McGinn,CN=Users,DC=cp
changetype: delete

Guy Recommends: SolarWinds’ Free Bulk Import Tool<a href=Free Download Solarwinds Bulk Import Tool" width="181" height="146" />

Import users from a spreadsheet. Just provide a list of the users with their fields in the top row, and save as .csv file. Then launch this FREE utility and match your fields with AD’s attributes, click and import the users.

Optionally, you can provide the name of the OU where the new accounts will be born. Download your FREE bulk import tool.

4a.Blank values – Good news

Firstly, some good news. Paul M and Kevan S each wrote in and told me of this solution to the Nul value problem:

I needed to add a null value when I had to clear the login script field and have it controlled by a GPO. The following worked for me

dn: CN=Example User,OU=Example OU,DC=example,DC=network,DC=com

The absence of scriptpath: on the subsequent line after replace: causes an empty/null field to be inserted.

Note: If it took two people to correct this point, it shows that LDIFDE syntax is tricky.

4b. Blank values – Is Fill SEP an Urban Myth?

Unfortunately, Fill SEP does not work, I was mistaken when I read this reference.

Once again I thank Paul M. for writing in with the workable idea for null values – see 4a above.

See also