Recipe15.15.Exporting and Importing Objects Using LDIF or CSV


Recipe 15.15. Exporting and Importing Objects Using LDIF or CSV

Problem

You want to import or export objects in mass. There are two ways to do this: via an LDIF file or comma-separated value file.

Solution

Using a graphical user interface

None of the standard Microsoft GUI tools support importing or exporting Active Directory data with LDIF or CSV.

Using a command-line interface

The following command exports objects using LDIF:

> ldifde -f output.ldf -l <AttrList> -p <Scope> -r "<Filter>" -d "<BaseDN>"

To import objects using the ldifde utility, you must first create an LDIF file with the objects to add, modify, or delete. Here is an example LDIF file that adds a user, modifies the user twice, and then deletes the user:

dn: cn=jsmith,cn=users,dc=rallencorp,dc=com changetype: add objectClass: user samaccountname: jsmith sn: JSmith useraccountcontrol: 512     dn: cn=jsmith,cn=users,dc=rallencorp,dc=com changetype: modify add: givenName givenName: Jim - replace: sn sn: Smith -     dn: cn=jsmith,cn=users,dc=rallencorp,dc=com changetype: delete

Once you've created the LDIF file, you just need to run the ldifde command to import the new objects.

> ldifde -i -f input.ldf

The following command exports objects from a CSV file:

> csvde -f output.csv -l <AttrList> -p <Scope> -r "<Filter>" -d "<BaseDN>"

To import objects using the csvde utility, you must first create a CSV file containing the objects to add. The first line of the file should contain a comma-separated list of attributes you want to set, with DN being the first attribute. Here is an example:

DN,objectClass,cn,sn,userAccountControl,sAMAccountName,userPrincipalName

The rest of the lines should contain entries to add. If you want to leave one of the attributes unset, leave the value blank (followed by a comma). Here is a sample CSV file that would add two user objects.

DN,objectClass,sn,userAccountControl,sAMAccountName,userPrincipalName "cn=jim,cn=users,dc=rallencorp,dc=com",user,Smith,512,jim,jim@rallencorp.com "cn=john,cn=users,dc=rallencorp,dc=com",user,,512,john,john@rallencorp.com

Once you've created the CSV file, you need to run the csvde command to import the new objects:

> csvde -i -f input.csv

Using VBScript

None of the COM or VBScript-based interfaces support importing or exporting Active Directory data natively with LDIF or CSV. However, if you use Perl, you can use the Net::LDAP::LDIF module, which supports reading and writing LDIF files.

Discussion

The LDAP Data Interchange Format (LDIF) specification defined in RFC 2849 describes a well-defined file-based format for representing directory entries. The format is intended to be both human and machine parseable, which adds to its usefulness. LDIF is the de facto standard for importing and exporting a large number of objects.

While LDIF is useful for exchanging data between different LDAP servers, CSV is useful for exchanging data between Microsoft utilities, notably Excel. Once you have a CSV file containing entries, you can use Excel to view, sort, and manipulate the data.

The first line of a CSV file, as you can see from the example in the solution, lists the fields set by subsequent lines. Each subsequent line specifies values for one entry to be added. If you have a spreadsheet containing objects you want to import, first save it as a CSV file and use csvde to import it. You cannot modify attributes of an object or delete objects using csvde.

Using a command-line interface

In ldifde, the -f option specifies the name of the file to use to save the entries to, -s is the DC to query, -l is the comma-separated list of attributes to include, -p is the search scope, -r is the search filter, and -d is the base DN. If you encounter any problems using ldifde, the -v option enables verbose mode and can help identify problems.

To import with ldifde, simply specify the -i option to turn on import mode and -f <filename> for the file. It can also be beneficial to use the -v option to turn on verbose mode to get more information in case of errors.

The parameters used by csvde are nearly identical to those used by ldifde. The -f option specifies the name of the file to use to save the entries to, -s is the DC to query, -l is the comma-separated list of attributes to include, -p is the search scope (base, onelevel, or subtree), -r is the search filter, and -d is the base DN. If you encounter any issues, the -v option enables verbose mode and can help identify problems.

To import with csvde, simply specify the -i option to turn on import mode and -f <filename> for the file. It can also be beneficial to use the -v option to turn on verbose mode to get more information in case o f errors.

See Also

RFC 2849 (The LDAP Data Interchange Format (LDIF) - Technical Specification), MS KB 237677 (Using LDIFDE to Import and Export Directory Objects to Active Directory), and MS KB 327620 (HOW TO: Use Csvde to Import Contacts and User Objects into Active Directory)



Windows Server Cookbook
Windows Server Cookbook for Windows Server 2003 and Windows 2000
ISBN: 0596006330
EAN: 2147483647
Year: 2006
Pages: 380
Authors: Robbie Allen

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net