Recipe 15.15. Exporting and Importing Objects Using LDIF or CSV

Problem

You want to import or export objects en masse. There are two ways to do this: via an LDIF file or a comma-separated value (CSV) file.

Solution

Using a graphical user interface

None of the standard Microsoft GUI tools support importing or exporting Active Directory data with LDIF or CSV.

Using a command-line interface

The following command exports objects using LDIF:

    > ldifde -f output.ldf -l <AttrList> -p <Scope> -r "<Filter>" -d "<BaseDN>"

To import objects using the ldifde utility, you must first create an LDIF file with the objects to add, modify, or delete. Here is an example LDIF file that adds a user, modifies the user twice, and then deletes the user:

    dn: cn=jsmith,cn=users,dc=rallencorp,dc=com
    changetype: add
    objectClass: user
    samaccountname: jsmith
    sn: JSmith
    useraccountcontrol: 512

    dn: cn=jsmith,cn=users,dc=rallencorp,dc=com
    changetype: modify
    add: givenName
    givenName: Jim
    -
    replace: sn
    sn: Smith
    -

    dn: cn=jsmith,cn=users,dc=rallencorp,dc=com
    changetype: delete

Once you've created the LDIF file, you just need to run the ldifde command to import the new objects:

    > ldifde -i -f input.ldf

The following command exports objects to a CSV file:

    > csvde -f output.csv -l <AttrList> -p <Scope> -r "<Filter>" -d "<BaseDN>"

To import objects using the csvde utility, you must first create a CSV file containing the objects to add. The first line of the file should contain a comma-separated list of attributes you want to set, with DN being the first attribute. Here is an example:

    DN,objectClass,cn,sn,userAccountControl,sAMAccountName,userPrincipalName

The rest of the lines should contain entries to add. If you want to leave one of the attributes unset, leave the value blank (followed by a comma). Here is a sample CSV file that would add two user objects:


    DN,objectClass,sn,userAccountControl,sAMAccountName,userPrincipalName
    "cn=jim,cn=users,dc=rallencorp,dc=com",user,Smith,512,jim,jim@rallencorp.com
    "cn=john,cn=users,dc=rallencorp,dc=com",user,,512,john,john@rallencorp.com

Once you've created the CSV file, you need to run the csvde command to import the new objects:

    > csvde -i -f input.csv

Using VBScript

None of the COM or VBScript-based interfaces support importing or exporting Active Directory data natively with LDIF or CSV. However, if you use Perl, you can use the Net::LDAP::LDIF module, which supports reading and writing LDIF files.

Discussion

The LDAP Data Interchange Format (LDIF) specification defined in RFC 2849 describes a well-defined file-based format for representing directory entries. The format is intended to be both human and machine parseable, which adds to its usefulness. LDIF is the de facto standard for importing and exporting a large number of objects.

While LDIF is useful for exchanging data between different LDAP servers, CSV is useful for exchanging data between Microsoft utilities, notably Excel. Once you have a CSV file containing entries, you can use Excel to view, sort, and manipulate the data. The first line of a CSV file, as you can see from the example in the solution, lists the fields set by subsequent lines. Each subsequent line specifies values for one entry to be added. If you have a spreadsheet containing objects you want to import, first save it as a CSV file and use csvde to import it. You cannot modify attributes of an object or delete objects using csvde.

Using a command-line interface

In ldifde, the -f option specifies the name of the file to use to save the entries to, -s is the DC to query, -l is the comma-separated list of attributes to include, -p is the search scope, -r is the search filter, and -d is the base DN. If you encounter any problems using ldifde, the -v option enables verbose mode and can help identify problems.


To import with ldifde, simply specify the -i option to turn on import mode and -f <filename> for the file. It can also be beneficial to use the -v option to turn on verbose mode to get more information in case of errors.

The parameters used by csvde are nearly identical to those used by ldifde. The -f option specifies the name of the file to use to save the entries to, -s is the DC to query, -l is the comma-separated list of attributes to include, -p is the search scope (base, onelevel, or subtree), -r is the search filter, and -d is the base DN. If you encounter any issues, the -v option enables verbose mode and can help identify problems.

To import with csvde, simply specify the -i option to turn on import mode and -f <filename> for the file. It can also be beneficial to use the -v option to turn on verbose mode to get more information in case of errors.

See Also

RFC 2849 (The LDAP Data Interchange Format (LDIF) - Technical Specification), MS KB 237677 (Using LDIFDE to Import and Export Directory Objects to Active Directory), and MS KB 327620 (HOW TO: Use Csvde to Import Contacts and User Objects into Active Directory)
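
An added example, not part of the original recipe: Python code that parses an LDIF change file like the one in the Solution and lists record deletions and decoded userAccountControl values, so a bulk change can be reviewed before `ldifde -i` applies it. The function names and the subset of flag bits are choices made for this example, and it assumes plain `attr: value` lines (no comments, base64 `::` values or folded lines).

```python
import re

# Added example; names are illustrative. SAMPLE_LDIF is the recipe's example file.
UAC_FLAGS = {0x2: "ACCOUNTDISABLE", 0x20: "PASSWD_NOTREQD", 0x200: "NORMAL_ACCOUNT"}
SAMPLE_LDIF = """\
dn: cn=jsmith,cn=users,dc=rallencorp,dc=com
changetype: add
objectClass: user
samaccountname: jsmith
sn: JSmith
useraccountcontrol: 512

dn: cn=jsmith,cn=users,dc=rallencorp,dc=com
changetype: modify
add: givenName
givenName: Jim
-
replace: sn
sn: Smith
-

dn: cn=jsmith,cn=users,dc=rallencorp,dc=com
changetype: delete
"""

def parse_changes(text):  # yields one dict per record; ops are [op, attribute, values]
    for block in re.split(r"\n\s*\n", text.strip()):
        rec, mod = {"dn": None, "changetype": "add", "ops": []}, None
        for line in filter(None, map(str.strip, block.splitlines())):
            key, _, value = (p.strip() for p in line.partition(":"))
            if line == "-":                      # closes one modify spec
                mod = None
            elif key.lower() in ("dn", "changetype"):
                rec[key.lower()] = value
            elif rec["changetype"].lower() == "modify" and mod is None:
                rec["ops"].append(mod := [key.lower(), value, []])  # e.g. replace: sn
            elif mod is not None:                # value line of the open modify spec
                mod[2].append(value)
            else:                                # attribute line of an add record
                rec["ops"].append(["add", key, [value]])
        yield rec

def review(records):  # yields deletions and decoded userAccountControl values
    for rec in records:
        if rec["changetype"].lower() == "delete":
            yield f"DELETE {rec['dn']}"
        for _op, attr, values in rec["ops"]:
            for v in (values if attr.lower() == "useraccountcontrol" else []):
                flags = "|".join(n for bit, n in UAC_FLAGS.items() if int(v) & bit)
                yield f"UAC {rec['dn']} = {v} ({flags})"
```

Calling `list(review(parse_changes(open("input.ldf").read())))` on a change file gives the lines to check before the import is run.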