What I am really looking for is a list of the LDAP attributes that are used with these two utilities. It seems that the list of attributes used to create user accounts are abundant. But how about the list of attributes for the objectclass: group. When I add this to my text file it automatically makes the group as a global group, is there anyway to change it to another group scope and possibly add members. Thanks for any help
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
LDIFDE and CSVDE to add groups
- Thread starter patloner
- Start date
So the attribute you would want to set on an import process to change the type of group would be groupType. Two examples:
Security groups are usually: -2147483646
DL's are usually: 4
For adding members you would need to specify the dn of the member. A word of caution, if memory serves me, if you attempt to add a DN that does not exist the entire entry will fail due to the default referential integrity processing ...
HTH,
-Chris
Security groups are usually: -2147483646
DL's are usually: 4
For adding members you would need to specify the dn of the member. A word of caution, if memory serves me, if you attempt to add a DN that does not exist the entire entry will fail due to the default referential integrity processing ...
HTH,
-Chris
- Thread starter
- #3
Okay so the grouptype attribute with a value of 4 creates a distribution group which is domain local in its scope. I couldn't get that security group value to work though. I need to be able to create multiple security groups of global and domain local scope within a single csv or ldf file. Thanks for the initial response, if you can tell me anymore I would appreciate it. Thanks
- Thread starter
- #5
that works, I didn't even think of the export capabilities. Thanks for your help. I discovered today that I could create a group using the grouptype attribute and it would be a domain local but a distribution group. If I left that attribute off I got a security global. I figured that if all else failed, at least I could change the group type but cannot change the scope from DL to G. So I used dsquery on Win2K3 to grab the groups and switch the group type to security all at once. It still would be great to get it down to one file. I will check this out tomorrow, thanks for your help
[1] First you have to have documentation of ldifde's syntax:
[2] To create a new group (Supports, say) in the Sales ou, you have to do this.
[2.1] Specify the import option (-i);
[2.2] Specify the import file (-f);
[2.3] Prepare the import file, makegroup.ldf say, a text file containing these lines, know your own domain etc.
[2.4] Issue the command line at command prompt, with paths and all that if necessary.
[2.5] Here it uses default to your dc, else you specify the server by adding option "-s <servername>" to it.
- tsuji
[2] To create a new group (Supports, say) in the Sales ou, you have to do this.
[2.1] Specify the import option (-i);
[2.2] Specify the import file (-f);
[2.3] Prepare the import file, makegroup.ldf say, a text file containing these lines, know your own domain etc.
Code:
dn: CN=Supports,OU=Sales,DC=NA,DC=Fabrikam,DC=Com;
changetype: add
objectClass: group
samAccountName: Supports
Code:
ldifde -i -f makegroup.ldf[2.5] Here it uses default to your dc, else you specify the server by adding option "-s <servername>" to it.
- tsuji
- Status
Similar threads
- Locked
- Question
- Locked
- Question