How to import a groups members using 'ldifde'?
Here is a way to add users to an existing group (ldifde -i -k -f AddGrpMember.ldf -v
):
dn: CN=MonGrpSec,OU=MonOu,DC=dom,DC=fr
changeType: Modify
add: member
member: CN=jblanc,OU=MonOu,DC=dom,DC=fr
member: CN=Jean Paul Blanc,OU=MonOu,DC=dom,DC=fr
-
Here is a way to create a new group with members (ldifde -i -k -f NewGrpWithMember.ldf -v
):
dn: CN=NewGrpSec,OU=MonOu,DC=dom,DC=fr
changeType: Add
objectClass: top
objectClass: group
CN: NewGrpSec
member: CN=jblanc,OU=MonOu,DC=dom,DC=fr
member: CN=Jean Paul Blanc,OU=MonOu,DC=dom,DC=fr
SinFulNard
Updated on August 02, 2022Comments
-
SinFulNard over 1 year
I have two domains. One production. One testing. There is no trust between the two.
I can import all user objects and group objects successfully using ldifde commands. When I attempt to also include group members in my export/import I can't seem to successfully import.
Here are the variations I have tried:
Attempt 1:
file format: dn: CN=Group-name,OU=Groups,OU=Managed,DC=dev,DC=net changetype: add member: CN=USER1,OU=Users,OU=Managed,DC=dev,DC=net member: CN=USER2,OU=Users,OU=Managed,DC=dev,DC=net ldifde command used: ldifde -i -k -f groupexp12072012-test.ldf -v output: Connecting to "DC" Logging in as current user using SSPI Importing directory from file "groupexp12072012-test.ldf" Loading entries 1: CN=Group-name,OU=Groups,OU=Managed,DC=dev,DC=net Add error on line 1: Object Class Violation The server side error is "The object class attribute must be specified." 0 entries modified successfully. An error has occurred in the program No log files were written. In order to generate a log file, please specify the log file path via the -j option.Attempt 2: Added in the correct objectClass to my ldifde import file:
file format: dn: CN=Group-name,OU=Groups,OU=Managed,DC=dev,DC=net changetype: add objectClass: top objectClass: group member: CN=USER1,OU=Users,OU=Managed,DC=dev,DC=net member: CN=USER2,OU=Users,OU=Managed,DC=dev,DC=net ldifde command used: ldifde -i -k -f groupexp12072012-test.ldf -v output: Connecting to "DC" Logging in as current user using SSPI Importing directory from file "groupexp12072012-test.ldf" Loading entries 1: CN=Group-name,OU=Groups,OU=Managed,DC=dev,DC=net Entry already exists, entry skipped 0 entries modified successfully. The command has completed successfullyAttempt 3: Deleted the existing group object and used the same command and format as "Attempt 2":
Connecting to "DC" Logging in as current user using SSPI Importing directory from file "groupexp12072012-test.ldf" Loading entries 1: CN=Group-name,OU=Groups,OU=Managed,DC=dev,DC=net Object does not exist, entry skipped 0 entries modified successfully.So I'm stuck. Apparently 'ldifde' can be used to import group members - all my colleagues say it has never worked but I stumble upon MS articles that say otherwise; http://social.technet.microsoft.com/Forums/nl/winserverDS/thread/089a3f3b-617f-4c66-a3fc-be543d97a612
Then I stumble on "5. LDIFDE doesn’t support changing Group Membership. You can use CSVDE or ADDUSERS.exe or DStools for Windows 2003 Editions." here: http://support.microsoft.com/kb/555634
Am I going crazy for no reason - will I ever succeed using 'ldifde'?
edit: Yes, I was going crazy for no reason. One of my targeted users was actually in a different OU I was specifying for 'ldifde'. Because of this, 'ldifde' would just give up and not add any members to the group.
-
SinFulNard almost 12 yearsI've accepted this answer as its fundamentally correct and helped me determine the actual problem. The actual problem? One of my targeted users was in a different OU in the target domain and helpfully 'ldifde' would just throw up its arms and call it quits.