Making mass changes in Active Directory is not always an easy task. The ADUC GUI has limited ability to do mass changes. ADModify.net is a great tool, but also has limitations on what attributes it will update. Sometimes the last resort is using CSVDE and LDIF files. Unfortunately CSVDE won’t let you modify an existing attribute on an object, but it will let you create new objects. So, you might be backed into a corner where you must use LDIF files to do the required changes.
Getting data into the LDIF format is non-trivial, and you can spend a lot of time massaging data to get it just right. Fortunately, I came across a way to transform a CSVDE file into a LDIF file with minimal fuss. I can’t take credit for this method, as I found it during a Google search. But I have used it many times lately to help with e-mail migrations, and it was very handy.
The most common scenario I used it for was to do mass changes for a single attibute, say a display name, extended attribute, company name, etc.
Preparing Import File
To prepare the import file, you need to do a csvde export of the objects so that you have the full distinguished name. An example query to export user objects would be:
csvde -f users.csv -p subtree -r "(&(objectCategory=person)(objectClass=user))"
An example of a DN from this query would look like:
CN=Abhis Deb,OU=External Users,DC=company,DC=com
Open the resulting file from csvde export into Excel. Column A should be the DNs. Column B will be where you put the value for the attribute you want to change. For instance, if you want the EmployeeID to be 65000, put 65000 as the value. Do not put the attribute name, as this will be specified elsewhere. The result should be column A with all of the DNs, and column B with the values of the attribute you want to change. Save the file as a Comma Delimited text file. Row 1 is ignored, so make sure you keep any headers or have dummy data, since it will not be output in the LDIF file.
Installing Required Software
Download and install the freebie Microsoft tool, log parser from:
Preparing Transformation Files and Scripts
Open Notepad and cut and paste the following (including the <LPBODY> lines), and save it as csv-ldif.txt. Be extremely careful to not extra carriage returns or spaces. In particular there must not be a carriage return after the last </LPBODY> statement. Any failure to exactly format this file will result in failed LDIF imports.
<LPBODY>
dn: %FIELD_3%
changetype: modify
replace: EmployeeNumber
EmployeeNumber: %FIELD_4%
–
</LPBODY>
As a note, the log parser sees field 3 as the first column in the input file and field 4 as the second. Don’t ask me why! Open Notepad and copy the following text, and save it as make-ldif.bat:
type %1 | "c:program fileslog parser 2.2logparser" "select * FROM STDIN" -i:CSV -o:tpl -tpl:csv-ldif.txt -q:on -stats:off > output.ldf
Modify Transformation File
The csv-ldif.txt file will need to be modified for each run. In paticular, both instances of "EmployeeNumber" need to be changed to the name of the attribute you want to modify. Save the file.
Running the Transform Script
Copy your modified CSVDE file to the same directory as the make-ldif.bat file and run the following command:
make-ldif.bat NameofCSVDEfile.csv
The result will be a file called output.ldf which should be properly formatted LDIF file. Open the LDIF file and visually verify that it look OK. It should look similar to this (including the separating hypens):
dn: CN=Achim Schreier,OU=External Users,DC=company,DC=com
changetype: modify
replace: EmployeeNumber
EmployeeNumber: 677755
–
dn: CN=Adam Franklin,OU=PMF-users,OU=External Users,DC=company,DC=com
changetype: modify
replace: EmployeeNumber
EmployeeNumber: 4354434
–
Importing the LDIF file back into AD
The following command will import your LDIF file into AD and place the logs on the C drive:
ldifde -i -f output.ldf -k -j c:
Any errors should be examined. If you do get import errors very early in the file, it is likely that there are hidden spaces or carriage returns. Press the delete key at the end of each line for the first two users and make sure Notepad brings up next line of text. If not, you have probably have a hidden carriage return and need to modify the csvde-ldif.txt file.
