Active DirectoryMicrosoft TechnologiesWindows Server

Automate User Creation on AD, Part 4

This is the part 4 of the article which explains about automation tools which we can use to automate procedure to import/export data into/from active directory. If you still not read the other 3 parts of the article, you can access them using

Part 1 – http://www.rebeladmin.com/2014/07/automate-user-creation-on-ad-part-1/

Part 2 – http://www.rebeladmin.com/2014/07/automate-user-creation-on-ad-part-2/

Part 3 – http://www.rebeladmin.com/2014/07/automate-user-creation-on-ad-part-3/

In this part 4 i will explain the practical use of the LDIFDE tool. As explain on previous post, LDIFDE tool supports more batch operations than CDVDE tool. some of the tasks it can use is

  1. Import/Export Active Directory objects
  2. Edit/Delete already existing AD objects
  3. Export objects from entire AD forest
  4. Import/Export objects data between different active directory domains

In here i will not be able to demonstrate all of these, but i will explain how to do the import/export objects.

Export objects data using LDIFDE

In the demo i am going to export all of the user details in the contoso.com domain in to a ldf file. the command i will be using is

ldifde -f C:\Sales\Exportuser.ldf -s DCPR1 -d "dc=Contoso,dc=com" -p subtree -r "(&(objectCategory=person)(objectClass=User)(givenname=*))" -l "cn,givenName,objectclass,samAccountName"

-f C:\Sales\Exportuser.ldf defines the file name which will contain the data. (&(objectCategory=person)(objectClass=User)(givenname=*))"
 defines the filter parameters and just export only the user accounts details on contoso.com domain. cn,givenName,objectclass,samAccountName defines the attributes data which will be exported in to the file.

To run this need to log in as administrator to the DC server and run it on command line interface.

ldf1

According to above screenshot it successfully exported 6 entries to the LDF file. lets open the .ldf file and see the entries. this file can be open using any text editor and i am using notepad for the task.

ldf2

According to above screenshot it exported the information we required via the export parameters.

Import objects using LDIFDE

Let's see how we import /create objects using batch file. for the demo i have created a file called NewUsers.ldf and it is containing the following

dn: CN=LDIFDE User 1,OU=Sales Department,DC=contoso,DC=com
changetype: add
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: LDIFDE User 1
sn: User 1
title: Sales Rep
givenName: LDIFDE User 1
displayName: LDIFDE User 1
company: Contoso, Ltd.
instanceType: 4
sAMAccountName: user1
userPrincipalName: ldifde.user1@contoso.com
mail: ldifde.user1@contoso.com

According to the values it will be create user account called LDIFDE User 1 on Sales Department OU. Its user name will be ldifde.user1 and the email account will be ldifde.user1@contoso.com. Also his title will be Sales Rep and company name will list as Contoso, Ltd.

Lets run this file using command

ldifde -i -f C:\Sales\NewUsers.ldf -k

in it -i defines the import mode and -f defines the file path. -k will ignore the errors about already existing object and process the command.

ldf3

It is successfully run the batch file and lets see in AD if its created the user.

ldf4

It is successfully create the user, and its in disabled mode initially. because LDIFDE cannot import the passwords so we have to reset the password and enable it manually like we did it with CSVDE.

lets see the account properties to verify its have all the info imported.

General Tab

ldf5

Account Tab

ldf6

Organization Tab

ldf7

So its created the user according to the data which is passed via ldf file.

This is the end of series of articles which explains automation tools which can use import/export AD objects.

Related posts
Cyber SecurityMicrosoft Entra IDMicrosoft Technologies

Microsoft Entra lifecycle workflows Part 02 - How to synchronize value for employeeHireDate attribute from on-premises Active Directory ?

In my previous blog post, I explained how we can automate JML (Joiners/Movers/Leavers) process by…
Read more
Azure servicesMicrosoft Entra IDMicrosoft Technologies

Step-by-Step Guide : Automate JML(Joiners/Movers/Leavers) process with Microsoft Entra lifecycle workflows

JML (Joiners/Movers/Leavers) process of an organization has a major impact on its security and…
Read more
Cyber SecurityMicrosoft DefenderMicrosoft Technologies

Microsoft Defender for Identity Part 02 – Create Directory Service Account

In Part 01 of Microsoft Defender for Identity blog series, I have explained about Microsoft Defender…
Read more
Newsletter
Become a Trendsetter

Sign up and get the best of RebelAdmin, tailored for you.

Leave a Reply

Your email address will not be published. Required fields are marked *