Re: Using LDIFDE to Import and Export Groups


From: Glenn L (the.only(delete)_at_gmail.com)
Date: 12/02/04


Date: Thu, 2 Dec 2004 08:12:39 -0800

Add "-j c:\" to the end of the ldifde import command.
The log file sometimes gives a better clue on where the script is failing.

-- 
Glenn L
CCNA, MCSE (2000,2003) + Security
"Howard Goldstein" <HowardGoldstein@discussions.microsoft.com> wrote in 
message news:9D1ECBD4-16DB-480D-A443-633C82EA8DFF@microsoft.com...
>
>
> "Richard Mueller [MVP]" wrote:
>
>> Howard Goldstein wrote:
>>
>> > I have been able to export the groups in my domain using this command:
>> >
>> > ldifde -f groupexport.ldf -s crpdc01 -t 3268 -d "dc=chomes,dc=com" -p subtree -r "(&(objectCategory=group)(objectClass=group))" -l "cn,objectclass"
>> >
>> > I then edit the file to rename the domain name to the name of the domain I
>> > want to import these groups to (A test domain in a test lab) and rename the
>> > file to importgroups.ldf.  When I try to import the file it fails.  I get a
>> > message that tells me on line 1 of my file there is a "Constraint Violation"
>> > and then a "Server Side error message an attribute is missing".
>> > I have been able to export and import my OUs and Users, but I am stuck
>> > trying to figure out what attribute I need to add to my command to make my
>> > import successful.
>>
>> The attributes groupType and sAMAccountName are mandatory for group objects.
>> You only export cn and objectClass. When you create groups, you must specify
>> objectClass, cn, sAMAccountName, and groupType. I assume this is the
>> problem. Also, the sAMAccountName must be unique in the domain, and the cn
>> must be unique in the container/OU.
>>
>> > Also, once this works, does anyone know how to export and
>> > import the users into their groups?
>> >
>>
>> You can add the "member" attribute to the list. This is a collection of the
>> Distinguished Names of all direct members of the group. I have not imported
>> such a list, but I assume you can. I would use:
>>
>> -l "cn,sAMAccountName,groupType,objectClass,member"
>>
>> -- 
>> Richard
>> Microsoft MVP Scripting and ADSI
>> Hilltop Lab web site - http://www.rlmueller.net
>
> I was able to export the group information. This is what the first entry looks like:
> dn: CN=TechnicalServices,OU=CorporateIS,DC=tchomes,DC=com
> changetype: add
> member: CN=John Smith,OU=TechSvcs,OU=CorporateIS,DC=tchomes,DC=com
> member: CN=Walter Jones,OU=TechSvcs,OU=CorporateIS,DC=tchomes,DC=com
> member: CN=Mark Johnson,OU=TechSvcs,OU=CorporateIS,DC=tchomes,DC=com
> member: CN=Bill Johnson,OU=TechSvcs,OU=CorporateIS,DC=tchomes,DC=com
> cn: TechnicalServices
> groupType: -2147483646
> objectClass: group
> sAMAccountName: TechnicalServices
>>
> It fails on the first line.  This time it says "Add Error on line 1 no such
> object".  Then goes on to say "Server side error the specified user does not
> exist".
>
> I'm a little confused. Technical Services is the name of the group I'm trying
> to create.  The rest of the DN is correct, the OU of corporateIS is there and
> the domain is correct.  Do I need to do two separate files, one where I just
> create the groups, and the next one where I add the users to the group?
>> 
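
The two-file split asked about at the end of the quoted message, as an added example that is not from any poster in this thread: it checks each group entry for the attributes Richard lists as mandatory, writes the group creation without `member`, and moves memberships into a second `changetype: modify` file so that creating a group does not depend on its member DNs already existing in the target domain. The function names, the `DC=test,DC=lab` sample and the assumption that the file holds only group `add` entries are illustrative.

```python
import re

# Added example: REQUIRED follows the mandatory attributes named in the thread;
# SAMPLE is constructed (DC=test,DC=lab is a placeholder domain).
REQUIRED = ("objectclass", "cn", "samaccountname", "grouptype")

SAMPLE = """\
dn: CN=TechnicalServices,OU=CorporateIS,DC=test,DC=lab
changetype: add
member: CN=John Smith,OU=TechSvcs,OU=CorporateIS,DC=test,DC=lab
member: CN=Walter Jones,OU=TechSvcs,OU=CorporateIS,
 DC=test,DC=lab
cn: TechnicalServices
groupType: -2147483646
objectClass: group
sAMAccountName: TechnicalServices

dn: CN=Legacy,OU=CorporateIS,DC=test,DC=lab
changetype: add
cn: Legacy
objectClass: group
"""

def parse_entries(text):
    """Return entries as lists of raw 'attr: value' lines, with folded lines rejoined."""
    unfolded = re.sub(r"\r?\n ", "", text)      # LDIF continuation = newline + one space
    blocks = re.split(r"(?:\r?\n){2,}", unfolded.strip())
    return [b.splitlines() for b in blocks if b.strip()]

def attr_name(line):
    return line.split(":", 1)[0].strip().lower()

def split_group_ldif(text):
    """Return (create_ldif, members_ldif, problems) for a file of group 'add' entries."""
    create, members, problems = [], [], []
    for entry in parse_entries(text):
        if attr_name(entry[0]) != "dn":
            continue                            # skip anything that is not an entry
        dn = entry[0]
        names = {attr_name(l) for l in entry}
        missing = [a for a in REQUIRED if a not in names]
        if missing:
            problems.append((dn, missing))      # would fail on import as exported
        member_lines = [l for l in entry if attr_name(l) == "member"]
        create.append("\n".join(l for l in entry if attr_name(l) != "member") + "\n")
        if member_lines:                        # second pass: add members to existing group
            members.append("\n".join([dn, "changetype: modify", "add: member", *member_lines, "-"]) + "\n")
    return "\n".join(create), "\n".join(members), problems
```

Import the first returned text before the second, and review `problems` first: any entry listed there lacks an attribute needed to create the group.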

