This post appears in the BKJIA forum. It is a real work experience of a netizen. Is how to batch Import and Export accounts in the AD domain. There is a requirement at work. You need to import some accounts in batch and require some attributes, such as departments, positions, and extensions!
If you are interested, you can also go here to discuss: http://bbs.51cto.com/thread-952970-1.html
I. Requirement proposal
There is a requirement at work. You need to import some accounts in batch and require some attributes, such as departments, positions, and extensions!
In fact, the demand is very simple, and the solution is very simple, but some problems have also occurred in the actual operation process, GG and BD, I also read some blogs and other content from others, but most of them are similar. What's more, I directly copied the Help and Support Center templates of Microsoft and did not explain the actual operation cases, as well as Operation notes, according to the blog operations, there will always be such a problem! For this reason, although this article is very simple, I still want to write it out and share it with you. It is not only a practical solution, but also a careful attitude,
When we get this requirement, we may ask, where should I get these attributes? I cannot remember so many attribute values! In fact, we can also make changes. We can import them first, and then compare these attribute values based on the exported file. Let's take a look at the next process!
2. Environment Description
1. One DC 2003 system, with office 2007 installed)
2. The domain name is TT. Com.
3. An OU: TT is created, and a user is created under the OU: TT:
3. Use csvde to export accounts
By default, Microsoft provides two batch Import and Export tools, CSVDE (CSV directory exchange) and LDIFDE (LDAP Data Interchange Format directory exchange). The specific tool depends on the task to be completed. To create an object, you can use either CSVDE or LDIFDE. to modify or delete an object, you must use LDIFDE. Here we select csvde!
1. Open cmd and change the directory to the C root directory, so that we can find the file,
Csvde-f user. Csv directs the adobject to a file named user.csv. The-f switch indicates the name of the output file.
Figure 1
2. The amount of information exported above is very large. We can see that there are 200 projects, which may affect a lot of our information and make it inconvenient for us to find what we want, we can add some parameters to export the information we want most, 2,
Note: Some attributes of tt ou and user alice have been filled in by me, such as positions, departments, extensions, etc. If you need any attributes, enter relevant items, however, you can enter English for better results, because garbled characters may occur after Chinese export. Of course, adding a parameter-u to the export will solve the problem, however, it is not convenient for us to edit it later, so we try to use English as a template.) It is created to export the attribute values we need. This does not matter, we just want to export a template with a property value for our reference! We can see that only two projects are exported this time, which is much clearer than the previous one! Of course, there are still many csvde parameters, but not many of them can be used. For more information, see "?". To view, or refer to the official website: http://technet.microsoft.com/zh-cn/lipary/cc732101 (v = ws.10)
1 u + z-@ 4 q) l * maid
Figure 2
4. edit a template
Based on the information exported in the previous step, we can find the attribute values of the information we need: Job, department, and extension, which are "title, department, telephoneNumber ", in fact, we can directly modify the csv file without creating a new one! We only need to delete the other unnecessary ones. 3,
Figure 3
5. Import users
Open cmd, change to the C root directory, and use the command to import. 4
Csvde-I-f user2.csv-I indicates import, and-f indicates the specified file.
Figure 4
6. Because the tool cannot directly import the password, and we use 514 during the import, this means that the account is locked and the user password is blank, in addition, the user needs to change the password for the next login. This is obviously insecure. 5,
Figure 5
7. Enable the account and set the initial password!
1. Because the current user has a blank password, our default domain policy requires complexity, so users cannot be enabled yet. First, we need to change the password because there are many users, manual modification is troublesome, and the tool does not allow password import. Therefore, we can use a bat file to change the user. 6. Save it as pwd after creation. bat, open cmd and switch to the C root directory for running. The result is displayed!
Figure 6
2. Then, use shift to select more and right-click and select enable user! 7
Figure 7
8. Check whether the results meet the requirements.
We open a user to check whether the position, department, and extension exists. 8
IX. Summary
When we import data, it does not mean that all accounts belong to one OU. Therefore, we need to add your OU before importing data. This is a prerequisite, otherwise, an error will be reported during import! Another tool is ldifde, in fact, I personally feel the same usage, interested can refer to the official website: http://technet.microsoft.com/zh-cn/lipary/cc731033 (v = ws.10)
From the above point of view, there are actually some things that are not very difficult, but they are only willing to do what they want, experiment, and summarize it! Hope everyone can learn and make progress together and discuss it together!
Original post address: http://bbs.51cto.com/thread-952970-1.html