Professional Windows Server 1002003 Security A Technical Reference [Electronic resources] نسخه متنی

Stands for
comma separated value
directory exchange, a utility for bulk import/export of data between
comma-delimited (CSV) text files and Active Directory.
csvde can be used to create multiple user
accounts, groups, computers, printers, or other AD objects in a
single batch operation.

Syntax

csvde options

Options

CSVDE options are either export-specific, import-specific, or general
in nature. There are also options for how credentials are specified
for accessing AD.

General Options

-c string1 string2

Replaces all occurrences of string1 with
string2 (used to change the distinguished
name of objects when importing data from one domain to a different
domain).

-f filename

Indicates name of import/export file.

-i

Switches to import mode (the default is export mode).

-j path

Specifies location of log file (default is current directory).

-s servername

Specifies the domain controller on which the import/export operation
is performed.

-t portnumber

Specifies LDAP port number (the default is 389). The global catalog
is port 3,268.

-u

Specifies a CSV file is in Unicode format.

-v

Specifies verbose mode.

Options for Export Only

-d baseDN

Specifies the distinguished name of the search base for exporting
data.

-g

Disables paged searches.

-l attributelist

Lists attributes to export (the default is all attributes).

-m

Omits attributes specific to Active Directory objects. (Examples
include ObjectGUID, objectSID,
pwdLastSet, and
samAccountType.)

-n

Don't export binary values.

-o attributelist

Lists attributes to omit during export.

-p scope

Specifies the search scope as Base,
OneLevel, or SubTree.

-r filter

Creates an LDAP search filter for exporting data.

Options for Import Only

-k

Keep importing even if errors occur.

Options for Establishing Credentials

-a user-distinguished-name password

Security context (credentials) within which the command runs

-b username domain password

Same as -a but different format for credentials

Examples

First, create a properly formatted CSV file to create three new user
accounts in Active Directory. The file

C:\newusers.txt contains the following lines of
information:

DN,objectClass,sAMAccountName,userPrincipalName,displayName,
userAccountControl
"cn=George Smith,ou=Support,dc=mtitcanada,dc=com",user,gsmith,
gsmith@mtitcanada.com,George T. Smith,514
"cn=Barb Smith,ou=Support,dc=mtitcanada,dc=com",user,bsmith,
bsmith@mtitcanada.com,Barbara Lynn Smith,514
"cn=Judy Smith,ou=Support,dc=mtitcanada,dc=com",user,
jsmith,jsmith@mtitcanada.com,Judy Ann Smith,512

The meaning of this information is as follows:

DN

This is the distinguished name of object.

objectClass

user specifies user account object.

sAMAccountName

This is the pre-W2K/2003 user logon name.

userPrincipalName

This is the W2K/2003 user logon name.

displayName

This is the full name of the user.

userAccountControl

512 means account is enabled; 514 means disabled.

Now use csvde to import

newusers.txt and create the three user accounts:

csvde -i -f C:\newusers.txt
Connecting to "(null)"
Logging in as current user using SSPI
Importing directory from file "C:\newusers.txt"
Loading entries....
3 entries modified successfully.
The command has completed successfully

Use the Active Directory Users and Computers console to verify that
the accounts were properly created.

A quick way to list all the possible attributes of user objects is to
export all users and look at the first line:

csvde -f attribs.txt
Connecting to "(null)"
Logging in as current user using SSPI
Exporting directory to file attribs.txt
Searching for entries...
Writing out entries...................................
......................................................
...........
Export Completed. Post-processing in progress...
152 entries exported
The command has completed successfully

Notes

• A common use for csvde is creating multiple user
  accounts. To do this, the CSV file you import:

• Must contain a first line called the attribute line, which specifies
  the name of each attribute defined in the file.

• Must contain one additional line for each user account you want to
  create. The attributes in this line must match the sequence of those
  in the attribute line (first line). Use quotation marks to include
  values that have embedded commas.

• Must contain the path to the user account in AD, the object type, and
  the user logon name (pre-W2K/2003) for each user.

• Should contain the user principal name (UPN) for each user.

• Should specify whether the account is enabled or disabled (the
  default is disabled).

• Can include any personal information that is an attribute of a user
  account, such as address or phone number.

• Passwords aren't included in
  csvde files because these files are text files
  (

  .csv files) and are thus not secure.
  csvde creates new user accounts and assigns them a
  blank password. As a result, it is best to have accounts disabled
  when they are first created, because anyone can log on using the
  accounts and a blank password.

• csvde can be used only to add objects to AD; it
  can't modify or delete existing objects.

• Microsoft Excel is a good tool for creating csvde
  files because it can export spreadsheet data in CSV format.

See Also

Active Directory , ldifde