The csvde utility is automatically installed on Windows Server when it is promoted to a domain controller, during the installation of the Active Directory Domain Services (AD DS) or Active Directory Lightweight Directory Services (AD LDS) roles. You can also install the tool via Remote Server Administration Tools (RSAT).
To get all the options and syntax for the csvde utility, just run this command in the command prompt:
CSV Directory Exchange
General Parameters
==================
-i Turn on Import Mode (The default is Export)
-f filename Input or Output filename
-s servername The server to bind to (Default to DC of computer’s domain)
-v Turn on Verbose Mode
-c FromDN ToDN Replace occurences of FromDN to ToDN
-j path Log File Location
-t port Port Number (default = 389)
-u Use Unicode format
-h Enable SASL layer signing and encryption
-? Help
Export Specific
===============
-d RootDN The root of the LDAP search (Default to Naming Context)
-r Filter LDAP search filter (Default to “(objectClass=*)”)
-p SearchScope Search Scope (Base/OneLevel/Subtree)
-l list List of attributes (comma separated) to look for in an
LDAP search
-o list List of attributes (comma separated) to omit from input.
-g Disable Paged Search.
-m Enable the SAM logic on export.
-n Do not export binary values
Import
======
-k The import will go on ignoring ‘Constraint Violation’ and
‘Object Already Exists’ errors
Credentials Establishment
=========================
Note that if no credentials is specified, CSVDE will bind as the currently
logged on user, using SSPI.
-a UserDN [Password | *] Simple authentication
-b UserName Domain [Password | *] SSPI bind method
Example: Simple import of current domain
csvde -i -f INPUT.CSV
Example: Simple export of current domain
csvde -f OUTPUT.CSV
Example: Export of specific domain with credentials
csvde -m -f OUTPUT.CSV
-b USERNAME DOMAINNAME *
-s SERVERNAME
-d “cn=users,DC=DOMAINNAME,DC=Microsoft,DC=Com”
-r “(objectClass=user)”
No log files were written. In order to generate a log file, please
specify the log file path via the -j option.
Let’s look at some examples of using the CSVDE tool.
The following command will export all objects with all attributes from the specified AD Organizational Unit:
csvde -f C:\PS\all_users.csv -d "ou=Users,OU=Paris,dc=theitbros,dc=com" –u
Connecting to “(null)”
Logging in as current user using SSPI
Exporting directory to file C:\PS\all_users.csv
Searching for entries…
Writing out entries
Export Completed. Post-processing in progress…
343 entries exported
The command has completed successfully
To export only user accounts, use the following filter with the –r parameter. Using the –l parameter, you can specify which user attributes should be exported to the csv file.
csvde -f C:\PS\all_users.csv -d "ou=Users,OU=Paris,dc=theitbros,dc=com" -r "(&(objectcategory=person)(objectclass=user))" -l userPrincipalName,DN,objectClass,description,department,title,telefonNumber
In order to export all users with a specific name, use the filter:
-r (& (objectClass = User) (sn = Jackson))
You can export this file to Excel and use it as a template for importing users into Active Directory. Create users.csv file with the following values:
objectClass sAMAccountName DN user m.decker CN=Moritz Decker,OU=Users,OU=Munich,OU=DE,DC=theitbros,DC=com user m.decker1 CN=Moritz Decker1,OU=Users,OU=Munich,OU=DE,DC=theitbros,DC=com
To bulk create users in AD, run the command:
Csvde -i -f C:\ps\new_users.csv –k
Connecting to “(null)”
Logging in as current user using SSPI
Importing directory from file “C:\ps\new_users.csv”
Loading entries…….
6 entries modified successfully.
The csvde created 6 new users in Active Directory.
Start the Active Directory Users and Computers (ADUC) snap-in and verify that there are new users in AD.
All user accounts are disabled. You can enable them manually or using the following PowerShell one-liner:
Get-ADUser -Filter 'Name -like "*"' -SearchBase "OU=Users,OU=Munich,OU=DE,DC=theitbros,DC=com" | Enable-ADAccount
Hint. The csvde can be used to migrate users via CSV text files from on-premises Active Directory to the Azure or AWS cloud.
The main cons of csvde:
- Doesn’t allow to edit, update or remove existing Active Directory objects;
- When importing, you can only create new objects;
- You cannot set or export user passwords;
- Secure connection to LDAP over SSL is not supported.
No comments:
Post a Comment