CSVDE – Examples bulk import user accounts into Active Directory #csvde, #csvde #import, #bulk #import, #ldap, #ldap #field, #active #directory, #spreadsheet, #users


CSVDE Import

Introduction to CSVDE -i Bulk Import

The purpose of this page is to show you how to bulk import user accounts into Active Directory using CSVDE. Here are scenarios where CSVDE will save you repetitive work:

  • To create hundreds of new users in a Windows Server 2003 or 2000 domain.
  • To import thousands of NT 4.0 users into a brand new Active Directory domain.
  • To migrate directory services from Exchange 5.5 into Active Directory.

Topics for CSVDE Import

1) Practice with CSVDE Export. Remember that seven minutes of planning will save you an hour or rework. It may seem eccentric to start with an export when all you want to do is import, but trust me always start with CSVDE export. Here is my reasoning: gain experience of CSVDE switches in conditions where you can do no harm to Active Directory.

When you use CSVDE -i filename to import user accounts, you make changes that will be difficult to reverse. In export mode, you can do no harm to Active Directory, also starting with CSVDE -f filename.csv will help build up your understanding of the switches, or what Microsoft call the parameters.

2) Learn the precise spelling of LDAP fields, for example sAMAccountName is correct, sAMAaccountNames has two mistakes and would cause the import to fail. (This LDAP name is singular, and the double Aa is incorrect.)

3) Create a good .CSV file and learn as much as you can about the LDAP fields in the first row. When you export a user, you get a spreadsheet full of a LDAP attributes, for example, sn, phone, email and many more besides. My advice is to investigate which of the LDAP fields in the first row are compulsory, which are optional, which have strange numeric data, and which you can safely ignore when you switch CSVDE to import mode.

My theme is getting you started. Imagine the scenario: your manager wants 500 users added to his Windows 2003 domain. Fortunately, human resources have all the new joiners in a spreadsheet called Newport.csv. So, let us begin with a simple spreadsheet with only 3 LDAP columns: objectClass, sAMAccountName and DN.

A) objectClass – User. Simple and easy we want to create a user and not a computer and not an OU.

B) sAMAccountName – This is the logon name, maximum of 11 characters. What the user should put in the Ctrl, Alt Delete logon box. Keep this name simple for now. Remember we just want to get the prototype import working and then we can add more LDAP fields.

C) DN – Distinguished name, for example, CN= Firstname Surname,OU=Newport,dc=domain,dc=com

DN is the hardest LDAP field to create. Let us break it down into 3 elements.

1) User name – CN= Firstname Surname. If it were me, the value would be CN=Guy Thomas. In this context think of CN= as meaning common name, or just plain name.

2) Organizational name – OU=Newport. All you have to worry about is have you created an OU called Newport in your domain? If not, then either create one, or change this value to OU=YourOU.

3) Domain name – dc=domain, dc=com. Is your domain called something like mydom.com? or is it plain mydom (no .com. net or .co.uk). It is essential to find out what your domain is called, and only you know the answer.

What would you say the Domain name is for this screen shot? cp, cp.com, cp.local? The answer is cp.com.

So of this were your domain the third DN element would be, dc=cp,dc=com. Incidentally, dc stands for domain context not domain controller.

Guy Recommends: SolarWinds’ Free Bulk Import Tool

Import users from a spreadsheet. Just provide a list of the users with their fields in the top row, and save as .csv file. Then launch this FREE utility and match your fields with AD’s attributes, click and import the users.

Optionally, you can provide the name of the OU where the new accounts will be born. Download your FREE bulk import tool.

1) Copy my example below and paste into an Excel spreadsheet at precisely cell A1.

objectClass,sAMAccountName,dn
user,Petergr, CN=Peter Graham,OU=Newport,DC=cp,dc=com
user,Janiebo, CN=Janie Bourne,OU=Newport,DC=cp,dc=com
user,Edgardu, CN=Edgar Dunn,OU=Newport,DC=cp,dc=com
user,Belindaha, CN=Belinda Hart,OU=Newport,DC=cp,dc=com
user,Mayja, CN=May Jamieson,OU=Newport,DC=cp,dc=com
user,Leroyot, CN=Leroy Ota,OU=Newport,DC=cp,dc=com

2) In Excel, select the Data Menu and then Text to Columns. Naturally, choose the comma delimiter. Save the file as .csv for example, Newort.csv

3) Make sure that the 3 LDAP fields are in the first row. (ObjectClass, sAMAccountName, and DN.)

4) Once you have opened the file in Excel, it is easier to manipulate the values. For example, you may wish to find and replace dc=cp, dc=com with the name of your domain as we discussed earlier.

5) When you have finished preparing the spreadsheet to your liking, then Save As and make sure you select Save as t ype CSV (Comma delimiter). Since the next step is the command prompt, save the file into an easily accessible folder. E.g. C:\csv.

After all the hard work in preparing the spreadsheet, we are now ready for the import. Open the CMD prompt, navigate to the folder where you saved your .csv file.

Type this command: CSVDE -i -f Newport.csv

To check your new users, launch Active Directory Users and Computers and examine the Newport Organizational Unit. After each import, right-click the OU and select Refresh from the short cut menu. Simply pressing F5 is not good enough.

Next step – Try an advanced import. More fields, more spreadsheet functions.

Recommended: Solarwinds’ Permissions Analyzer – Free Active Directory Tool

I like the Permissions Analyzer because it enables me to see WHO has permissions to do WHAT at a glance. When you launch this tool it analyzes a users effective NTFS permissions for a specific file or folder, and takes into account network share access, then displays the results in a nifty desktop dashboard!

Think of all the frustration that this free SolarWinds utility saves when you are troubleshooting authorization problems for user’s access to a resource. Give this permissions monitor a try – it’s free!

CSVDE is unable to add passwords.

Your solution is to change the domain policy to allow blank passwords. You can revert to the previous security setting once you successfully import the accounts. Also see this VBScript.

4) The key disadvantage of CSVDE is that you cannot set passwords with this program. So, use a separate VBScript to set the passwords and enable accounts. Sadly once created, you cannot you alter the accounts in anyway with CSVDE. See here for a VBScript to reset passwords.

The point is use the right tool for the right job. For a quick import of hundreds of user accounts, you cannot beat CSVDE. However if you need to alter accounts or add passwords then turn to VBScript. Both CSVDE and VBScript ‘feed’ off spreadsheets, to me, this is their killer advantage over LDIFDE. I find that it is so useful to have all the accounts and their values set out in my Excel spreadsheet.

  • Check that you understand the: DC=domain, DC=COM (LDAP attributes).
  • If your ADSI Edit says: DC=mydom, then change, dc=cp,dc=com to dc=mydom.
  • Check you created an OU called Newport.
  • Check out the Error Messages .
  • Experiment with different syntax. Try a different output filename.
  • Open and close the CMD command prompt.

CSVDE is an ideal program to bulk import users into Active Directory. The executable is built-in to Windows Server 2003 and 2008. The key advantage of CSVDE is the way than it interacts with spreadsheets to import or export LDAP data.

See Also


Security Assessment, VAPT, ECSA Training in Bangalore, Chennai, Mumbai, Pune, Delhi, Gurgaon, Noida, Muscat, Qatar, Dubai, Certified Security Analyst, Ethical Hacking, GPEN, Penetration Tester, Network Security Testing, Web Application Security Testing, Assessment, Bootcamp, Workshop #security #assessment, #vapt, #ecsa #training, #certified #security #analyst, #ethical #hacking, #gpen, #penetration #tester, #network #security #testing, #web #application #security #testing, #assessment, #bootcamp, #workshop, #bangalore, #chennai, #mumbai, #pune, #delhi, #gurgaon, #noida, #muscat, #qatar, #dubai, #pt, #penetration #testing, #va, #vulnerability #assessment, #countermeasures, #encryption, #patch #management, #perimeter #defense, #database #security, #firewall #architecture, #intrusion #analysis, #network #attacks, #network #scanning, #os #security, #system #hacking, #black #box #penetration #testing, #grey #box #penetration #testing, #white #box #penetration #testing, #aes, #advanced #encryption #standard, #backdoors, #bou, #buffer #overflow #utility, #brute #force #attack, #brutus, #burp #suite, #code #analysis, #code #injection #attack, #cross #site #request #forgery, #cross #site #scripting, #cryptography, #data #breach, #data #encryption #standard, #data #execution #prevention, #ddos, #distributed #denial #of #service, #dmz, #demilitarized #zone, #dos, #denial #of #service, #dep, #des, #digital #signature, #directory #traversal, #emet, #enhanced #mitigation #experience #toolkit, #enumeration, #footprinting, #gak, #government #access #to #keys, #google #hacking, #hacktivism, #hijacking #webservers, #honeypots, #ibm #appscan, #identify #theft, #ids, #intrusion #detection #system, #ip #address #spoofing, #ips, #intrusion #prevention #system, #keystroke #loggers, #kismet, #ldap #injection, #linux #hacking, #malware, #man-in-the-middle #attack, #metasploit #architecture, #nessus, #nmap, #packet #sniffing, #paros, #password #cracking, #phishing, #pki, #public #key #infrastructure, #privilege #escalation, #reconnaissance, #rsa, #rivest #shamir #adleman, #rootkits, #san #cwe #top #25, #sha, #secure #hashing #algorithm, #ssh, #secure #shell, #ssl, #secure #sockets #layer, #session #hijacking, #snmp, #simple #network #management #protocol, #siv, #system #integrity #verifiers, #snort, #social #engineering, #solar #winds, #spyware, #sql #injection, #steganography, #thread #modeling, #threat #profiling, #tls, #transport #layer #security, #trojans, #utm, #unified #threat #management, #virus, #wep #encryption, #wepcrack, #worms, #wpa #cracking


#

A penetration test is done to evaluate the security of a computer system or network by simulating an attack by a malicious user / hacker. The process involves active exploitation of security vulnerabilities that may be present due to poor or improper system configuration, known and / or unknown hardware or software flaws, or operational weaknesses in process or design.

This analysis is carried out from the position of a potential attacker, to determine feasibility of an attack and the resulting business impact of a successful exploit. Usually this is presented with recommendations for mitigation or a technical solution.

About this workshop

This workshop gives an in-depth perspective of penetration testing approach and methodology that covers all modern infrastructure, operating systems and application environments.

This workshop is designed to teach security professionals the tools and techniques required to perform comprehensive information security assessment.

Participants will learn how to design, secure and test networks to protect their organization from the threats hackers and crackers pose. This workshop will help participants to effectively identify and mitigate risks to the security of their organization s infrastructure.

This 40 hour highly interactive workshop will help participants have hands on understanding and experience in Security Assessment.

A proper understanding of Security Assessment is an important requirement to analyze the integrity of the IT infrastructure.

Expertise in security assessment is an absolute requirement for a career in information security management and could be followed by management level certifications like CISA, CISSP, CISM, CRISC and ISO 27001.

There are many reasons to understand Security Assessment:

  • Prepare yourself to handle penetration testing assignments with more clarity
  • Understand how to conduct Vulnerability Assessment
  • Expand your present knowledge of identifying threats and vulnerabilities
  • Bring security expertise to your current occupation
  • Become more marketable in a highly competitive environment

Therefore this workshop will prepare you to handle VA / PT assignments and give you a better understanding of various security concepts and practices that will be of valuable use to you and your organization.

This workshop will significantly benefit professionals responsible for security assessment of the network / IT infrastructure.

  • IS / IT Specialist / Analyst / Manager
  • IS / IT Auditor / Consultant
  • IT Operations Manager
  • Security Specialist / Analyst
  • Security Manager / Architect
  • Security Consultant / Professional
  • Security Officer / Engineer
  • Security Administrator
  • Security Auditor
  • Network Specialist / Analyst
  • Network Manager / Architect
  • Network Consultant / Professional
  • Network Administrator
  • Senior Systems Engineer
  • Systems Analyst
  • Systems Administrator

Anyone aspiring for a career in Security Assessment would benefit from this workshop. The workshop is restricted to participants who have knowledge of ethical hacking countermeasures.

The entire workshop is a combination of theory and hands-on sessions conducted in a dedicated ethical hacking lab environment.

  • The Need for Security Analysis
  • Advanced Googling
  • TCP/IP Packet Analysis
  • Advanced Sniffing Techniques
  • Vulnerability Analysis with Nessus
  • Advanced Wireless Testing
  • Designing a DMZ
  • Snort Analysis
  • Log Analysis
  • Advanced Exploits and Tools
  • Penetration Testing Methodologies
  • Customers and Legal Agreements
  • Rules of Engagement
  • Penetration Testing Planning and Scheduling
  • Pre Penetration Testing Checklist
  • Information Gathering
  • Vulnerability Analysis
  • External Penetration Testing
  • Internal Network Penetration Testing
  • Routers and Switches Penetration Testing
  • Firewall Penetration Testing
  • IDS Penetration Testing
  • Wireless Network Penetration Testing
  • Denial of Service Penetration Testing
  • Password Cracking Penetration Testing
  • Social Engineering Penetration Testing
  • Stolen Laptop, PDAs and Cell phones Penetration Testing
  • Application Penetration Testing
  • Physical Security Penetration Testing
  • Database Penetration testing
  • VoIP Penetration Testing
  • VPN Penetration Testing
  • War Dialing
  • Virus and Trojan Detection
  • Log Management Penetration Testing
  • File Integrity Checking
  • Blue Tooth and Hand held Device Penetration Testing
  • Telecommunication and Broadband Communication Penetration Testing
  • Email Security Penetration Testing
  • Security Patches Penetration Testing
  • Data Leakage Penetration Testing
  • Penetration Testing Deliverables and Conclusion
  • Penetration Testing Report and Documentation Writing
  • Penetration Testing Report Analysis
  • Post Testing Actions
  • Ethics of a Penetration Tester
  • Standards and Compliance