Setting password through LDIF is involved. You can't
retrieve the password at all that way.
You can't just take that export below and reimport
it.
1. If you have a password policy with a min password
length you need to have the account disabled flag set in the userAccountControl
value. Bit 1. For the example below that would mean a value of 66050. Though
honestly, consider setting a value of 514 instead, 66048 means the account is
set to never let the password expire which is dangerous.
2. Strip off the usnchanged, usncreated,
whenchanged,whencreated; you can't set these.
3. Your DN
looks truncated. 4. I assume you modified your upn, if not I am not sure
that is a valid upn.
5. You don't need to specify dinstinguishedName,
name, nor objectcategory. They are all based off other attribs
specified.
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Suheyla Ikiz
Sent: Monday, February 21, 2005 8:12 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] HELP!!! Undelete required
Hi,
I am new to this group.
I have AD with some problem ( not removing child domains ). So we have
decided to
set up new DC with 2003 Server in isolated network. Users and groups need
to be moved . We have used ldifde
and csvde commands. During the import option i have the following errors.
We have all ready configured the Domain
Cntroller security parameters and Domain security parameters ( i can
create new user with blank pass)
D:\DOCUME~1\ADMINI~1>ldifde -i -f deneme.ldf
Connecting to "dc2005.bilten..."
Logging in as current user using SSPI
Importing directory from file "ondokuz.ldf"
Loading entries.
Add error on line 1: Unwilling To Perform
The server side error is "Unable to update the password. The value provided for
the new password does not meet the length, complexity, or history requirement of
the domain."
0 entries modified successfully.
An error has occurred in the program
No log files were written. In order to generate a log file, please
specify the log file path via the -j option.
Connecting to "dc2005.bilten..."
Logging in as current user using SSPI
Importing directory from file "ondokuz.ldf"
Loading entries.
Add error on line 1: Unwilling To Perform
The server side error is "Unable to update the password. The value provided for
the new password does not meet the length, complexity, or history requirement of
the domain."
0 entries modified successfully.
An error has occurred in the program
No log files were written. In order to generate a log file, please
specify the log file path via the -j option.
Now, deneme.ldf says
dn: CN=mesut yelok,OU=Bilgisayar Merkezi,DC=bilten,
changetype: add
accountExpires: 9223372036854775807
cn: mesut yelok
codePage: 0
countryCode: 0
displayName: mesut yelok
distinguishedName:
CN=mesut yelok,OU=Bilgisayar Merkezi,DC=biltengivenName: mesut
instanceType: 4
name: mesut yelok
objectCategory:
CN=Person,CN=Schema,CN=Configuration,DC=biltenobjectClass: user
sAMAccountName: mesut
sn: yelok
userAccountControl: 66048
userPrincipalName: [EMAIL PROTECTED]
accountExpires: 9223372036854775807
cn: mesut yelok
codePage: 0
countryCode: 0
displayName: mesut yelok
distinguishedName:
CN=mesut yelok,OU=Bilgisayar Merkezi,DC=biltengivenName: mesut
instanceType: 4
name: mesut yelok
objectCategory:
CN=Person,CN=Schema,CN=Configuration,DC=biltenobjectClass: user
sAMAccountName: mesut
sn: yelok
userAccountControl: 66048
userPrincipalName: [EMAIL PROTECTED]
uSNChanged: 496560
uSNCreated: 171214
whenChanged: 20040628104511.0Z
whenCreated: 20040330071903.0Z
uSNCreated: 171214
whenChanged: 20040628104511.0Z
whenCreated: 20040330071903.0Z
And i could not get the password field information.
Do you have any idea ??
Thanks for your help
Suheyla