csvde |
Stands for comma separated value directory exchange, a utility for bulk import/export of data between comma-delimited (CSV) text files and Active Directory. csvde can be used to create multiple user accounts, groups, computers, printers, or other AD objects in a single batch operation.
csvde options
CSVDE options are either export-specific, import-specific, or general in nature. There are also options for how credentials are specified for accessing AD.
Replaces all occurrences of string1 with string2 (used to change the distinguished name of objects when importing data from one domain to a different domain).
Indicates name of import/export file.
Switches to import mode (the default is export mode).
Specifies location of log file (default is current directory).
Specifies the domain controller on which the import/export operation is performed.
Specifies LDAP port number (the default is 389). The global catalog is port 3,268.
Specifies a CSV file is in Unicode format.
Specifies verbose mode.
Specifies the distinguished name of the search base for exporting data.
Disables paged searches.
Lists attributes to export (the default is all attributes).
Omits attributes specific to Active Directory objects. (Examples include ObjectGUID , objectSID , pwdLastSet , and samAccountType .)
Don't export binary values.
Lists attributes to omit during export.
Specifies the search scope as Base , OneLevel , or SubTree .
Creates an LDAP search filter for exporting data.
Keep importing even if errors occur.
Security context (credentials) within which the command runs
Same as -a but different format for credentials
First, create a properly formatted CSV file to create three new user accounts in Active Directory. The file C:\newusers.txt contains the following lines of information:
DN,objectClass,sAMAccountName,userPrincipalName,displayName, userAccountControl "cn=George Smith,ou=Support,dc=mtitcanada,dc=com",user,gsmith, gsmith@mtitcanada.com,George T. Smith,514 "cn=Barb Smith,ou=Support,dc=mtitcanada,dc=com",user,bsmith, bsmith@mtitcanada.com,Barbara Lynn Smith,514 "cn=Judy Smith,ou=Support,dc=mtitcanada,dc=com",user, jsmith,jsmith@mtitcanada.com,Judy Ann Smith,512
The meaning of this information is as follows :
This is the distinguished name of object.
user specifies user account object.
This is the pre-W2K/2003 user logon name.
This is the W2K/2003 user logon name.
This is the full name of the user.
512 means account is enabled; 514 means disabled.
Now use csvde to import newusers.txt and create the three user accounts:
csvde -i -f C:\newusers.txt Connecting to "(null)" Logging in as current user using SSPI Importing directory from file "C:\newusers.txt" Loading entries.... 3 entries modified successfully. The command has completed successfully
Use the Active Directory Users and Computers console to verify that the accounts were properly created.
A quick way to list all the possible attributes of user objects is to export all users and look at the first line:
csvde -f attribs.txt Connecting to "(null)" Logging in as current user using SSPI Exporting directory to file attribs.txt Searching for entries... Writing out entries................................... ...................................................... ........... Export Completed. Post-processing in progress... 152 entries exported The command has completed successfully
A common use for csvde is creating multiple user accounts. To do this, the CSV file you import:
Must contain a first line called the attribute line, which specifies the name of each attribute defined in the file.
Must contain one additional line for each user account you want to create. The attributes in this line must match the sequence of those in the attribute line (first line). Use quotation marks to include values that have embedded commas.
Must contain the path to the user account in AD, the object type, and the user logon name (pre-W2K/2003) for each user.
Should contain the user principal name (UPN) for each user.
Should specify whether the account is enabled or disabled (the default is disabled ).
Can include any personal information that is an attribute of a user account, such as address or phone number.
Passwords aren't included in csvde files because these files are text files ( .csv files) and are thus not secure. csvde creates new user accounts and assigns them a blank password. As a result, it is best to have accounts disabled when they are first created, because anyone can log on using the accounts and a blank password.
csvde can be used only to add objects to AD; it can't modify or delete existing objects.
Microsoft Excel is a good tool for creating csvde files because it can export spreadsheet data in CSV format.
Active Directory , ldifde