[00:03] Now, we are…
In the previous examples, we created user accounts and other AD objects by using built-in GUI tools of Windows Server.
These GUI help you with many benefits:
-- Visually observe for easier understand about the meaning of options, features with the help of icons, hints, relationship checking, interactive with others.
-- It helps to choose the value(s) for options with drop-down boxes, radio buttons,…
Create .ldf and .csv files.
[00:31] Now, we are using "csvde " and "ldifde " CLI tool to deal with user objects in Active Directory.
However, with these GUI tools, (in the scope of this video) you can't:
View attributes of 50, 100, 1000 users at the same time. With Active Directory Users and Computers GUI, you only can view the entire attributes of 1 object per time.
Fusion tasking, with CLI tools, you can get the results from a command then pass them to other commands via pipeline operator "| ".
Example, by the end of Working with Active Directory Objects video, we used both "dsquery " and "dsget" commands together to get a granular view in details about users with specific attributes.
[00:44] .csv file with this meaningful name represents domain name "SnoOpy.com ", OU "IT ", Fullname "DuongMinhThang ".
We are creating the user "DuongMinhThang" with these attributes.
To learn more about:
-- LDAP attributes:
-- csvde tool:
"ldifde " and "csvde " need script files with .ldf, .csv extension, respectly to store commands.
First, let's create it.
[1:05] "In a active directory when it comes to user creation if the number of user accounts are small we can either add them with typical user add wizard or create them using user account templates which i explained in a previous post. But if its a large number of accounts it is not practical to do so. if there is way we can automate this process it will save lot of time and resources" -rebeladmin.com
[1:30] csvde is a simple, robust tool, but it lacks these abilities: "set a user password ", "modify existing objects "
while ldifde can.
[1:18] .ldf file with this meaningful name represents: domain name "SnoOpy.com ", OU "IT ", Fullname "Lucy " and "Linus ".
We are creating users "Lucy " and "Linus " with these attributes.
To learn more about:
-- LDAP attributes:
-- ldifde tool:
[1:36] Export and Import Users with Comma Separated Value Directory Exchange (CSVDE).
The default behavior of "csvde " is export, so you only need to specify output's results filename "SnoOpy.com.csv ", for example, this is a meaningful name aim to represent this file itself contains all objects of SnoOpy.com domain.
[2:19] There are all objects in "SnoOpy.com " domain.
This output file locates at the current working directory of the PowerShell prompt.
In this case, this is "Z: " disk, which was mapped from a shared folder from the host machine.
[3:09] We will only export objects, which live in OU "IT " of "SnoOpy.com " domain by using the -d switch. The output file is "SnoOpy.com.OU=IT.csv
[3:38] "There are several command-line tools which can be used to automate the creation and modification of user accounts:
-- ldifde is a command line utility that enables you to import a text file containing User Accounts.
-- csvdeis a utility similar to ldifde, except csvde uses a CSV (Comma Separated Value) file as the basis for importing new User Accounts. csvde allows you to import a spreadsheet containing user accounts.
-- The DS Commands, consisting of dsadd, dsget, dsmove, dsrm, dsquery and dsmod are Active Directory commands that you can use to automate and manipulate User Account Creation and Modification.
-- net user is a legacy command, but it is useful for creating a few quick User Accounts." -- sqa.org.uk
[3:57] There are exported objects from OU "IT ".
[4:31] Instead of you export all objects in a specific area; we can filter them to get only necessary objects by using csvde with -r objectClass=user
(only export objects whose class is "user" class).
[4:46] Let create a computer object in this OU to apply this filter.
user " class were specified with "-r objectClass=user " contains: users, inetOrgPersons and computers.
Thus, all objects in this OU match the criterion and will be exported, included a computer which we just created.
[5:45] Now, let's export only the users in this OU with "-r objectCategory=person ".
"person " category includes contacts, inetOrgPersons, organizationalPersons, persons and users.
[6:21] objectCategory=person ", not "objectClass=person " !
Thus, this computer object will not be exported.
[6:36] "You can do this task interactively or through a script. The simplest interactive approach is to create a template of a configured user account. Then, in the Microsoft Management Console (MMC) Active Directory Users and Computers snap-in, right-click the template account and select Copy" -- itprotoday.com
[7:03] Now, let's export user whose "givenName " is "DuongMinhThang " in OU "IT ".
"givenName " meaningful name, this is an LDAP attribute.
To learn more, go to:
[7:32] "You should also note that Powershell doesn’t like an insecure string. So what I did here is that I converted it to a secure string, which is not exactly secure cause it’s in plain text right here, then force it to plain text using –force. This password creation method might not exactly recommended but this might come in handy for you. Now we just need to run the script in Powershell, and again run it as an Administrator, using this command and finish the account creation. Then you can now refresh and view the new users" -- houseofit.com.au
In previous output files, we were realized that too many attributes "columns " were shown, while we only need to examine the "Distinguished Name (DN )" of these objects.
Let's use csvde with "-l DN " to get the specific attribute "columns
[9:00] This is time to show the import function of csvde , with "-i " (import ) and "-f " switches to specify, which csvde scripts file will be imported.
[9:11] This csvde script file contains the definitions about user creation of "DuongMinhThang " in OU "IT
[9:25] "Actually, there are many better ways. For example, both Windows 2003 and Windows XP ship with the Dsadd Users utility, a command-line tool that creates user accounts. A little copy-and-paste work in Notepad can create a batch file for creating any number of users in a flash. Windows 2000 Server and later ships with createusers.vbs, a VBScript script in Support Tools that creates a user account" -- itprotoday.com
[10:13] Import Users with Lightweight Directory Interchange Format Data Exchange (LDIFDE).
user" was imported!
[10:22] Now, we are using the ldifde tool to import users' definitions from this .ldf file.
[10:46] Users "Lucy ", "Linus " were imported.
ldifde can add, modify, delete AD objects.
Thus, you must specify actions per user's definition.
In this case, this is "add " action.