The import doesn’t fail - ours is set to not allow blank passwords and the import succeeds because the account is disabled – you can do this in ADUC manually too. However, if you try to enable the manually-created account-with-blank-password in ADUC it tells you it doesn’t meet the complexity requirements, but for accounts created with csvde with blank passwords, you can actually enable them without setting a password. There might be a “password not set” flag? In any event, using Joe’s auth tool works –
auth /d:domain /u:autouser /p:”” Authenticating domain\autouser Logon Successful.
Perhaps this is a bug with Windows Server 2003 AD? BTW the sAMAccountName I got when I didn’t specify one was $1N6000-N58EQ9P0PL7S
Rich
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
If the Policy does not allow for blank passwords, then I assume the import fails.
If I were doing this, I'd use the
ADModify tool to export the accounts. The output will be an ldf file. I'd use
an encoder like this (http://www.opinionatedgeek.com/DotNet/Tools/Base64Encode/Default.aspx)
to encode a base64 password. I'd open up the file ldf in notepad and add the
following lines to EACH entry (bearing in mind that there are 2 blank
lines between EACH entries in the ldf file, and that I need to
maintain those 2 blank lines, even at the end of the file!!):
Example (assword encoded):
dn: CN=Akomolafe Postmaster,OU=AD Import
OU,DC=mydomainname,DC=com
Then I'd import this file, using ADmodify, into my destination Domain.
HTH
Sincerely,
From: Creamer,
Mark Thanks Tony. Does the account get created with a blank password if I don't create one myself? If so, what would happen if the domain policy is set to not allow blank passwords? <mc> -----Original Message----- From: Tony Murray [mailto:[EMAIL PROTECTED] Sent: Friday, December 12, 2003 9:43 AM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] User export There is one mandatory attribute that you need (sAMAccountName), but it is generally useful to also have the following: givenName sn displayName userPrincipalName userAccountControl If might also want to set the password, which can be quite tricky with LDIF. There's a KB article on this: http://support.microsoft.com/default.aspx?scid=http://support.microsoft.com:80/support/kb/articles/Q26 3/9/91.ASP&NoWebContent=1 If you're going to script part of it anyway, you may as well do the whole thing (i.e. export and import) without LDIFDE. Just a thought. The main advantage of LDIFDE over CSVDE is the ability to modify existing objects. CSVDE only allows you to create. Tony ---------- Original Message ---------------------------------- Wrom: AUTFJMVRESKPNKMBIPBARHDMNNSKVFVWRKJVZ Reply-To: [EMAIL PROTECTED] Date: Fri, 12 Dec 2003 09:25:19 -0500 I have a request to export the user objects from our production environment and import them into our test environment. If I use LDIF for this, are there required attributes I must include in the export in order to make the import into the empty test domain successful? I'd like to create a procedure with a script so next time one of the admins can do it. Finally, are there any advantages to using ldifde vs csvde? Thanks! Mark Creamer Systems Engineer Cintas Corporation Honesty and Integrity in Everything We Do List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ -------APPLEBEE'S INTERNATIONAL, INC. CONFIDENTIALITY NOTICE------- PRIVILEGED / CONFIDENTIAL INFORMATION may be contained in this message or any attachments. This information is strictly confidential and may be subject to attorney-client privilege. This message is intended only for the use of the named addressee. If you are not the intended recipient of this message, unauthorized forwarding, printing, copying, distribution, or using such information is strictly prohibited and may be unlawful. If you have received this in error, you should kindly notify the sender by reply e-mail and immediately destroy this message. Unauthorized interception of this e-mail is a violation of federal criminal law. Applebee's International, Inc. reserves the right to monitor and review the content of all messages sent to and from this e-mail address. Messages sent to or from this e-mail address may be stored on the Applebee's International, Inc. e-mail system. |
- RE: [ActiveDir] User export Coleman, Hunter
- Re: [ActiveDir] User export Tony Murray
- RE: [ActiveDir] User export Creamer, Mark
- RE: [ActiveDir] User export Rich Milburn
- RE: [ActiveDir] User export Rich Milburn
- RE: [ActiveDir] User export Carlos Magalhaes
- RE: [ActiveDir] User export GRILLENMEIER,GUIDO (HP-Germany,ex1)