If the Policy does not allow for blank passwords, then I assume the import fails. If I were doing this, I'd use the ADModify tool to export the accounts. The output will be an ldf file. I'd use an encoder like this (http://www.opinionatedgeek.com/DotNet/Tools/Base64Encode/Default.aspx) to encode a base64 password. I'd open up the file ldf in notepad and add the following lines to EACH entry (bearing in mind that there are 2 blank lines between EACH entries in the ldf file, and that I need to maintain those 2 blank lines, even at the end of the file!!): replace: unicodePwd unicodePwd::<whatever the base64 equivalent of the password is> Example (assword encoded): dn: CN=Akomolafe Postmaster,OU=AD Import OU,DC=mydomainname,DC=com changetype: add objectClass: user cn: Akomolafe Postmaster givenName: Akomolafe sn: Postmaster sAMAccountName: postmaster codePage: 0 countryCode: 0 DisplayName: Akomolafe Postmaster name: Akomolafe Postmaster userPrincipalName: [EMAIL PROTECTED] replace: unicodePwd unicodePwd::YXNzd29yZA==
dn: CN=DHCP Registrar,OU=AD Import OU,DC=mydomainname,DC=com changetype: add objectClass: user cn: DHCP Registrar givenName: DHCP sn: Registrar sAMAccountName: dhcpregistrar codePage: 0 countryCode: 0 DisplayName: DHCP Registrar name: DHCP Registrar userPrincipalName: [EMAIL PROTECTED] replace: unicodePwd unicodePwd::YXNzd29yZA== dn: CN=dummy,OU=AD Import OU,DC=mydomainname,DC=com changetype: add objectClass: user cn: dummy givenName: dummy sAMAccountName: dummy codePage: 0 countryCode: 0 DisplayName: dummy name: dummy userPrincipalName: [EMAIL PROTECTED] replace: unicodePwd unicodePwd::YXNzd29yZA== dn: CN=IIS USERACCT,OU=AD Import OU,DC=mydomainname,DC=com changetype: add objectClass: user cn: IIS USERACCT givenName: IIS sn: USERACCT sAMAccountName: dom_webman codePage: 0 countryCode: 0 DisplayName: IIS USERACCT name: IIS USERACCT userPrincipalName: [EMAIL PROTECTED] replace: unicodePwd unicodePwd::YXNzd29yZA== Then I'd import this file, using ADmodify, into my destination Domain. HTH Sincerely, D�j� Ak�m�l�f�, MCSE MCSA MCP+I www.akomolafe.com www.iyaburo.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon _____ From: Creamer, Mark Sent: Fri 12/12/2003 6:55 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] User export Thanks Tony. Does the account get created with a blank password if I don't create one myself? If so, what would happen if the domain policy is set to not allow blank passwords? <mc> -----Original Message----- From: Tony Murray [mailto:[EMAIL PROTECTED] Sent: Friday, December 12, 2003 9:43 AM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] User export There is one mandatory attribute that you need (sAMAccountName), but it is generally useful to also have the following: givenName sn displayName userPrincipalName userAccountControl If might also want to set the password, which can be quite tricky with LDIF. There's a KB article on this: http://support.microsoft.com/default.aspx?scid=http://support.microsoft.com:8 0/support/kb/articles/Q26 3/9/91.ASP&NoWebContent=1 If you're going to script part of it anyway, you may as well do the whole thing (i.e. export and import) without LDIFDE. Just a thought. The main advantage of LDIFDE over CSVDE is the ability to modify existing objects. CSVDE only allows you to create. Tony ---------- Original Message ---------------------------------- Wrom: AUTFJMVRESKPNKMBIPBARHDMNNSKVFVWRKJVZ Reply-To: [EMAIL PROTECTED] Date: Fri, 12 Dec 2003 09:25:19 -0500 I have a request to export the user objects from our production environment and import them into our test environment. If I use LDIF for this, are there required attributes I must include in the export in order to make the import into the empty test domain successful? I'd like to create a procedure with a script so next time one of the admins can do it. Finally, are there any advantages to using ldifde vs csvde? Thanks! Mark Creamer Systems Engineer Cintas Corporation Honesty and Integrity in Everything We Do List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
<<winmail.dat>>
