cannot import users from csv file active directory
Post #1
Hi! I am now testing RazDC as an alternative to Active Directory, and I cannot import a CSV file with users. Maybe someone can tell me which fields should be filled in the file, or how to properly import a list of users from AD?
Post #2
The user import function just grabs the first column "a list" of the CSV for the username and creates a user with a randomly generated password. If you are looking for more advanced import options, you can just directly import from an LDIF.
On your MS AD server you have to export with the "ldifde" command.
For example, on the DC you want to export users from, run a command prompt as administrator and run the following command:
ldifde -f OUTPUTFILE.ldf -l "dn,sAMAccountName,UnicodePwd"
or excluding all params that cannot be set:
ldifde -f OUTPUT.ldf -o "badPasswordTime,badPwdCount,lastLogoff,lastLogon,logonCount,memberOf,objectGUID,objectSid,primaryGroupID,pwdLastSet,sAMAccountType"
Here is an expanded form specifying server (-s), domain scope (-d), search (-p), and filter (-r):
ldifde -f OUTPUT.ldf -p subtree -r "(&(objectCategory=person)(objectClass=user))" -o "badPasswordTime,badPwdCount,lastLogoff,lastLogon,logonCount,memberOf,objectGUID,objectSid,primaryGroupID,pwdLastSet,sAMAccountType" -d "OU=Company Staff,DC=top,DC=level,DC=domain,DC=com" -s DCNAME
And finally, here are the switch parameters for ldifde help output:
----------------------------
LDIF Directory Exchange

General Parameters
==================
-i              Turn on Import Mode (The default is Export)
-f filename     Input or Output filename
-s servername   The server to bind to (Default to DC of computer's domain)
-c FromDN ToDN  Replace occurences of FromDN to ToDN
                If either FromDN or ToDN ends with #attributeName, the
                attribute value will be looked up in rootDSE and used to
                replace #attributeName. See example for "Macro expansion
                in DNs".
-v              Turn on Verbose Mode
-j path         Log File Location
-t port         Port Number (default = 389)
-u              Use Unicode format
-w timeout      Terminate execution if the server takes longer than the
                specified number of seconds to respond to an operation
                (default = no timeout specified)
-h              Enable SASL layer signing and encryption
-?              Help

Export Specific
===============
-d RootDN       The root of the LDAP search (Default to Naming Context)
-r Filter       LDAP search filter (Default to "(objectClass=*)")
-p SearchScope  Search Scope (Base/OneLevel/Subtree)
-l list         List of attributes (comma separated) to look for
                in an LDAP search
-o list         List of attributes (comma separated) to omit from
                input.
-g              Disable Paged Search.
-m              Enable the SAM logic on export.
-n              Do not export binary values
-x              Include deleted objects (tombstones)
-1              Retain only the important replPropertyMetadata

Import
======
-k              The import will go on ignoring 'Constraint Violation'
                and 'Object Already Exists' errors
-y              The import will use lazy commit for better performance
                (enabled by default)
-e              The import will not use lazy commit
-q threads      The import will use the specified number of threads
                (default is 1)
-z              Continue importing irrespective of errors.
-x              Enable tombstone reanimation support (passes deleted
                objects control with ldap modify requests)

Credentials Establishment
=========================
Note that if no credentials is specified, LDIFDE will bind as the currently
logged on user, using SSPI.
-a UserDN [Password | *]            Simple authentication
-b UserName Domain [Password | *]   SSPI bind method

Example: Simple import of current domain
    ldifde -i -f INPUT.LDF

Example: Simple export of current domain
    ldifde -f OUTPUT.LDF

Example: Export of specific domain with credentials
    ldifde -m -f OUTPUT.LDF
           -b USERNAME DOMAINNAME *
           -s SERVERNAME
           -d "cn=users,DC=DOMAINNAME,DC=Microsoft,DC=Com"
           -r "(objectClass=user)"

Example: Macro expansion in DNs
    ldifde -f export.ldf -c "#configurationNamingContext" "cn=configuration,dc=x"
    ldifde -i -f import.ldf -c "cn=configuration,dc=x" "#configurationNamingContext"
----------------------
Once you have the output file, you will need to transfer it to RazDC via SCP (you can use the FileZilla SFTP client for free).
Then import the users from the ldf file using the samba-tool command:
/usr/local/samba/bin/samba-tool user import --import-ldif=OUTPUTFILE.ldf
Bryan King
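A pre-import check for the exported file, as an added example that is not part of the original posts: it parses the LDIF (folded lines and base64 `::` values included), drops the attributes from the `-o` list above, and reports entries that lack `sAMAccountName` or carry `unicodePwd`. The function names and the sample entries are constructed for illustration.

```python
import base64

# Attribute names from the -o list in the post above (matched case-insensitively).
OMIT = {a.lower() for a in (
    "badPasswordTime,badPwdCount,lastLogoff,lastLogon,logonCount,memberOf,"
    "objectGUID,objectSid,primaryGroupID,pwdLastSet,sAMAccountType").split(",")}

def parse_ldif(text):
    """Return entries as lists of (attribute, value) pairs."""
    # Unfold: a newline followed by one space continues the previous line.
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")
    entries = []
    for block in unfolded.split("\n\n"):        # a blank line ends an entry
        entry = []
        for line in block.splitlines():
            if not line or line.startswith("#"):
                continue                        # empty line or comment
            name, _, rest = line.partition(":")
            if rest.startswith(":"):            # "attr:: value" carries base64
                # Lossy for binary values, which is enough for an audit.
                rest = base64.b64decode(rest[1:]).decode("utf-8", "replace")
            entry.append((name, rest.strip()))
        if entry:
            entries.append(entry)
    return entries

def audit(text):
    """Return (entries minus OMIT attributes, findings) for an ldifde export."""
    clean, findings = [], []
    for entry in parse_ldif(text):
        attrs = {n.lower(): v for n, v in entry}
        if "dn" not in attrs:
            continue                            # e.g. a "version: 1" header block
        if "samaccountname" not in attrs:
            findings.append((attrs["dn"], "no sAMAccountName"))
        if "unicodepwd" in attrs:               # password material in the file
            findings.append((attrs["dn"], "carries unicodePwd"))
        clean.append([(n, v) for n, v in entry if n.lower() not in OMIT])
    return clean, findings

# Constructed sample in the shape of an LDIF export; not real directory data.
SAMPLE = """\
dn: CN=Alice Example,OU=Company Staff,DC=example,DC=com
sAMAccountName: alice
displayName:: w4FsaWNl
badPwdCount: 0
memberOf: CN=Staff,OU=Company Staff,DC=exam
 ple,DC=com

dn: CN=Bob Example,OU=Company Staff,DC=example,DC=com
unicodePwd:: AAAA
"""
```

Running `audit` on the export before copying it to RazDC shows which entries need attention and whether the file holds password attributes that call for a protected transfer and cleanup afterwards.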