Site icon REBELADMIN

Automate User Creation on AD, Part 4

This is the part 4 of the article which explains about automation tools which we can use to automate procedure to import/export data into/from active directory. If you still not read the other 3 parts of the article, you can access them using

Part 1 – http://www.rebeladmin.com/2014/07/automate-user-creation-on-ad-part-1/

Part 2 – http://www.rebeladmin.com/2014/07/automate-user-creation-on-ad-part-2/

Part 3 – http://www.rebeladmin.com/2014/07/automate-user-creation-on-ad-part-3/

In this part 4 i will explain the practical use of the LDIFDE tool. As explain on previous post, LDIFDE tool supports more batch operations than CDVDE tool. some of the tasks it can use is

  1. Import/Export Active Directory objects
  2. Edit/Delete already existing AD objects
  3. Export objects from entire AD forest
  4. Import/Export objects data between different active directory domains

In here i will not be able to demonstrate all of these, but i will explain how to do the import/export objects.

Export objects data using LDIFDE

In the demo i am going to export all of the user details in the contoso.com domain in to a ldf file. the command i will be using is

ldifde -f C:\Sales\Exportuser.ldf -s DCPR1 -d "dc=Contoso,dc=com" -p subtree -r "(&(objectCategory=person)(objectClass=User)(givenname=*))" -l "cn,givenName,objectclass,samAccountName"

-f C:\Sales\Exportuser.ldf defines the file name which will contain the data. (&(objectCategory=person)(objectClass=User)(givenname=*))"
 defines the filter parameters and just export only the user accounts details on contoso.com domain. cn,givenName,objectclass,samAccountName defines the attributes data which will be exported in to the file.

To run this need to log in as administrator to the DC server and run it on command line interface.

According to above screenshot it successfully exported 6 entries to the LDF file. lets open the .ldf file and see the entries. this file can be open using any text editor and i am using notepad for the task.

According to above screenshot it exported the information we required via the export parameters.

Import objects using LDIFDE

Let's see how we import /create objects using batch file. for the demo i have created a file called NewUsers.ldf and it is containing the following

dn: CN=LDIFDE User 1,OU=Sales Department,DC=contoso,DC=com
changetype: add
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: LDIFDE User 1
sn: User 1
title: Sales Rep
givenName: LDIFDE User 1
displayName: LDIFDE User 1
company: Contoso, Ltd.
instanceType: 4
sAMAccountName: user1
userPrincipalName: ldifde.user1@contoso.com
mail: ldifde.user1@contoso.com

According to the values it will be create user account called LDIFDE User 1 on Sales Department OU. Its user name will be ldifde.user1 and the email account will be ldifde.user1@contoso.com. Also his title will be Sales Rep and company name will list as Contoso, Ltd.

Lets run this file using command

ldifde -i -f C:\Sales\NewUsers.ldf -k

in it -i defines the import mode and -f defines the file path. -k will ignore the errors about already existing object and process the command.

It is successfully run the batch file and lets see in AD if its created the user.

It is successfully create the user, and its in disabled mode initially. because LDIFDE cannot import the passwords so we have to reset the password and enable it manually like we did it with CSVDE.

lets see the account properties to verify its have all the info imported.

General Tab

Account Tab

Organization Tab

So its created the user according to the data which is passed via ldf file.

This is the end of series of articles which explains automation tools which can use import/export AD objects.

Exit mobile version