How do I import data into Active Directory (AD) or an Active Directory Application Mode (ADAM) instance from a comma-separated value (.csv) file?

A. There are two main methods to import data into AD or ADAM from a file. You can use the Ldifde tool, which reads in files in the LDAP Data Interchange Format (LDIF), or you can use the Comma Separated Value Directory Exchange (Csvde) tool, which imports data in a .csv format into AD or ADAM. The first line of the file tells the utility which properties you'll provide for the object you're creating. For example, to create a user object with very basic information, the first line might read:

DN,objectClass,name,samaccountname

which tells the tool to expect the records that follow to have the object's distinguished name (DN), class, name, and SAM account, as the following example shows:

"CN=beavis,cn=users,dc=savilltech,dc=com",user,beavis,beavisIf I run the Csvde tool on a domain controller (DC), I could simply run the following command:

D:temp>csvde -i -f d:tempusers.csv -v -k

Which results in the following output:

Connecting to "(null)"Logging in as current user using SSPIImporting directory from file "d:tempusers.csv"Loading entries2: CN=beavis,cn=users,dc=savilltech,dc=comEntry modified successfully.1 entry modified successfully.The command has completed successfully.

The more attributes you want to set for the objects you create, the more attributes you'd list in the file's first line as the header record. Then ensure you have a value for each "column" for each actual data record.

If you use the Csvde tool, you can't set passwords for the object you're creating. You need to set passwords by either manually resetting the password for each created user or by writing a script to change the passwords. The Ldifde tool doesn't have this limitation, so you can set passwords. For more information, see the Microsoft article "How to set a user's password with Ldifde" (http://support.microsoft.com/?kbid=263991 ).

If you need to create a complex Csvde import file, you might want to export existing objects to see the columns and values the tool sets. For example, to dump the user objects for my domain's Users container, I use this command:

D:temp>csvde -f d:tempexport.csv -d "cn=users,dc=savilltech,dc=com" -r "(objectClass=user)"

which results in the following output:

Connecting to "(null)"Logging in as current user using SSPIExporting directory to file d:tempexport.csvSearching for entries...Writing out entries.............Export Completed. Post-processing in progress...13 entries exportedThe command has completed successfully

When you examine the file the command creates, you'll see a very large header line:DN,objectClass,cn,sn,givenName,distinguishedName,instanceType,whenCreated,whenChanged,displayName,uSNCreated,memberOf,uSNChanged,name,objectGUID,userAccountControl,badPwdCount,codePage,countryCode,badPasswordTime,lastLogoff,lastLogon,pwdLastSet,primaryGroupID,objectSid,adminCount,accountExpires,logonCount,sAMAccountName,sAMAccountType,userPrincipalName,objectCategory,lastLogonTimestamp,description,proxyAddresses,showInAddressBook,legacyExchangeDN,isCriticalSystemObject,textEncodedORAddress,mail,msExchUserAccountControl,mDBUseDefaults,msExchMailboxGuid,msExchMailboxSecurityDescriptor,msExchALObjectVersion,homeMDB,homeMTA,msExchPoliciesIncluded,msExchHomeServerName,mailNickname,dSCorePropagationData,showInAdvancedViewOnly,servicePrincipalName,initials,logonHours,userParameters,comment,msNPAllowDialin

You can't set all the values listed above. Some items, such as the user's globally unique identifier (GUID) must be created by AD, but the example gives you a good starting point for what's possible and the format the utility expects. Remember that applications such as Microsoft Excel can read, edit, and save data in .csv format, so you might find this easier to manipulate the data.