Oh my... That is priceless. I never knew that but of course it makes sense when you follow the creation logic....
Also does it from the command line via net user /add if you are interested... joe -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of GRILLENMEIER,GUIDO (HP-Germany,ex1) Sent: Thursday, December 18, 2003 7:16 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] User export an interesting fact to this is, if you create accounts with the new account wizard in ADUC and you specify a PW that doesn't match the domain's PW policy, the account is created and the deleted right away. So if you then correct the PW, another new account is created => i.e. if you've failed to enter a good PW 3 times and the 4th time you got it right, you'll have 3 tombstones plus one "real" user object for the same user that you've just tried to create - and all will be replicated to all DCs... ;-) /Guido -----Original Message----- From: Joe [mailto:[EMAIL PROTECTED] Sent: Donnerstag, 18. Dezember 2003 01:02 To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] User export Password are not set until after the account is created so you would have a disabled account on your hands. joe -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Creamer, Mark Sent: Friday, December 12, 2003 9:55 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] User export Thanks Tony. Does the account get created with a blank password if I don't create one myself? If so, what would happen if the domain policy is set to not allow blank passwords? <mc> -----Original Message----- From: Tony Murray [mailto:[EMAIL PROTECTED] Sent: Friday, December 12, 2003 9:43 AM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] User export There is one mandatory attribute that you need (sAMAccountName), but it is generally useful to also have the following: givenName sn displayName userPrincipalName userAccountControl If might also want to set the password, which can be quite tricky with LDIF. There's a KB article on this: http://support.microsoft.com/default.aspx?scid=http://support.microsoft.com: 80/support/kb/articles/Q26 3/9/91.ASP&NoWebContent=1 If you're going to script part of it anyway, you may as well do the whole thing (i.e. export and import) without LDIFDE. Just a thought. The main advantage of LDIFDE over CSVDE is the ability to modify existing objects. CSVDE only allows you to create. Tony ---------- Original Message ---------------------------------- Wrom: AUTFJMVRESKPNKMBIPBARHDMNNSKVFVWRKJVZ Reply-To: [EMAIL PROTECTED] Date: Fri, 12 Dec 2003 09:25:19 -0500 I have a request to export the user objects from our production environment and import them into our test environment. If I use LDIF for this, are there required attributes I must include in the export in order to make the import into the empty test domain successful? I'd like to create a procedure with a script so next time one of the admins can do it. Finally, are there any advantages to using ldifde vs csvde? Thanks! Mark Creamer Systems Engineer Cintas Corporation Honesty and Integrity in Everything We Do List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
