Tools to Export and Import Bulk Users, Groups, and Organizational Units from Active Directory Domains

Argomenti vari di carattere sistemistico
Post Reply
daniele
Posts: 327
Joined: 04 Mar 2009, 13:59

Tools to Export and Import Bulk Users, Groups, and Organizational Units from Active Directory Domains

Post by daniele »

ORIGINAL ARTICLE: https://www.activedirectoryexport.com/tutorial
ALL RIGHTS RESERVED TO THE AUTHOR(S) OF THE ORIGINAL ARTICLE(S)


CSVDE vs LDIFDE
The main difference between the tools is the data file that they use. CSVDE uses the comma-delimited format. This type of file separates data in the file by the use of commas. Excel support CSV files and thus these files can easily be modified or created using Excel.
LDIDFE uses Lightweight Directory Access Protocol Data Interchange Format. This format is an open format that is used by some non-Microsoft directory services. Using this format may allow exporting of objects from a non-Microsoft system so they can be imported into Active Directory. This allows migration to occur between systems that may not have been possible otherwise.
Reference: http://itfreetraining.com/70-640/csvde-and-ldifde/

Tools to Export and Import Bulk Users, Groups, and Organizational Units from Active Directory Domains
This article will discuss and explain tools to bulk copy or move Active Directory User Accounts, Groups, and Organizations (OUs) from one Active Directory Domain to another domain provided by Microsoft and their limitations.

If you are an IT admin managing a Windows based Active Directory Domain and about to recreate and move to a new Active Directory domain you will need to figure out how to bulk export and import Users, Groups, and OUs from the current domain into the new domain. There are three Microsoft Tools you can use to perform these tasks as they are discussed below along with their limitations:

What is LDIFDE
LDIFDE: LDAP or Lightweight Directory Access Protocol is a standard that is used to create directory services such as Microsoft Active Directory. LDIFDE is a standard that is used to perform bulk operations against the LDAP directory such as adding, removing, deleting objects from within Active Directory database. While LDIFDE is a useful tool to have to export objects from the Active Directory and then Import into another Active Directory, it has three major issues:

No Simple Graphical User Interface
Assumes prior knowledge of LDAP syntax to query, add, and delete objects
Difficult to filter out only the users, groups, or OUs that you want to export and import from Active Directory


For example, let’s say you would like to export and then import all users from twenty OUs from your domain. You will need to run this command twenty times, one at a time for exporting each OU.

Ldifde export command example
”ldifde -f sales.ldf -s server1"ou=sales,dc= mydomain,dc=com"-psubtree–r"(objectCategory=CN=Person,CN=Schema,CN=Configuration,DC=mydomain,DC=com)",

Ldifde import command example:

ldifde –i -f sales.ldf –s newserver

While import may work in the above command, it is also possible that it may fail because of extra attributes that were imported but are not supported by the target server. You may need to edit the exported file manually to clean up the file for a successful import.


What is CSVDE
CSVDE is tool provided by Microsoft to bulk export import data from Active Directory. The main advantage of CSVDE over LDIFDE is that the file generated is comma separated and can be imported into excel for easier view. However; this tool also suffers from the same issues that ldifde has:

No Simple Graphical User Interface
Assumes prior knowledge of LDAP syntax to add, and delete objects
Difficult to filter out only the users, groups, or OUs that you want to export and import from Active Directory


CSVDE Export Command Example

In order to export all objects from Active Directory using CSVDE command,
Csvde –f csvexport.txt

CSVDE Import Command Example

In order to import all objects from Active Directory using USCDE command
Csvde – i –f csvexport.txt

Using VB SCRIPT to Bulk Export Import Active Directory Users, Groups, and OUs.

In order to address the limitations using the ldifde and csvde commands, Microsoft recommends using VBSCRIPT for customization of bulk export import of Active Directory Objects along with the use of ldifde command within the vbscript. VBSCRIPT along with the ldifde command can solve all your issues for bulk exporting and importing Active Users, Groups, and OUs. As this also suggests, you will need to learn how to create scripts using VB language which gets more involved and time consuming. This is a great way to export and import Active Directory objects if you will need to perform these types of operations routinely on your job. If you need to bulk export users, groups, and OUs only once then you will be better off getting the easy GUI based tool such as Active Directory export Import Tool.
Post Reply