Importing Computers with CSVDE
CSVDE is a command-line tool
that imports or exports Active Directory objects from or to a
comma-delimited text file (also known as a comma-separated value text
file, or .csv file). The basic syntax of the CSVDE command
is:
csvde [-i] [-f "Filename"] [-k]
The -i parameter specifies import mode;
without it, the default mode of CSVDE is export. The
-f parameter identifies the file name to import
from or export to. The -k parameter is useful
during import operations because it instructs CSVDE to ignore errors,
including Object Already Exists, Constraint Violation, and Attribute
Or Value Already Exists errors.
Comma-delimited files can be created, modified, and opened with
tools as familiar as Notepad and Microsoft Office Excel. The first
line of the file defines the attributes by their Lightweight Directory
Access Protocol (LDAP) attribute names. Each object follows, one per line, and
must contain exactly the attributes listed on the first line. A sample
file is shown in Excel in Figure 1.
When importing computers, be sure to include the
userAccountControl attribute and set it to 4096.
This attribute ensures that the computer can join the domain by using
the account. Also include the pre-Windows 2000 logon name of the
computer, the sAMAccountName attribute, which is
the name of the computer followed by a dollar sign ($), as shown in
Figure 1.
Importing Computers with LDIFDE
LDIF files are text files within
which operations are specified by a block of lines separated by a
blank line. Each operation begins with the DN
attribute of the object that is the target of the operation. The next
line, changeType, specifies the type of
operation: add, modify, or
delete.
The following listing is an LDIF file that creates two server
accounts:
dn: CN=SERVER10,OU=Servers,DC=contoso,DC=com
changetype: add
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
objectClass: computer
cn: SERVER10
userAccountControl: 4096
sAMAccountName: SERVER10$
dn: CN=SERVER11,OU=Servers,DC=contoso,DC=com
changetype: add
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
objectClass: computer
cn: SERVER11
userAccountControl: 4096
sAMAccountName: SERVER11$
The basic syntax of the LDIFDE command is similar to that of the
CSVDE command:
ldifde [-i] [-f "Filename"] [-k]
By default, LDIFDE is in export mode. The
-i parameter specifies import mode. You must specify the
-f mode to identify the file you are using for
import or export. LDIFDE will stop when it encounters errors unless
you specify the -k parameter, in which case,
LDIFDE continues processing.
Creating Computers with DSAdd
To create computer objects, simply type dsadd computer
ComputerDN where ComputerDN is the distinguished name (DN)
of the computer, such as
“CN=Desktop123,OU=Desktops,DC=contoso,DC=com”. If the computer’s DN
includes a space, surround the entire DN with quotation marks.
The DSAdd Computer command can take the following optional
parameters after the DN parameter:
-
-samid ComputerName
-
-desc Description
-
-loc Location
If you type DSAdd Computer /?, the help
text for the command states the following:
If you enter multiple values, the values must be separated by
spaces (for example, a list of computer distinguished names).
This is not accurate. You cannot use the DSAdd Computer command
to add multiple computers with a single command.
Creating Computers with NetDom
The NetDom command can also perform a variety of domain account
and security tasks in Command Prompt. You can also use it to
create a computer account by typing the following command:
netdom add ComputerName /domain:DomainName [/ou:OUDN] [/UserD:User /PasswordD:Password]
This command creates the computer account for
ComputerName in the domain indicated by the
domain parameter, using the credentials specified
by UserD and PasswordD. The
/ou parameter causes the object to be created in
the OU specified by the OUDN distinguished name following the
parameter. If no OUDN is supplied, the computer
account is created in the default computer container. The user
credentials must, of course, have permissions to create computer
objects.
Creating Computers with Windows PowerShell
As
with user objects, you can use Windows PowerShell to manage computer
objects.
The following cmdlets work with Active Directory group
objects:
-
New-ADComputer
Creates a computer.
As with the New-ADUser cmdlet, you can
use a template to create a new computer with specific properties
preconfigured.
Windows PowerShell provides cmdlets that you can use to
consume a data source. For example, the
Import-CSV cmdlet can consume a CSV file of
computer names and pipe each name to
New-ADComputer to create more than one
computer. -
Remove-ADComputer
Deletes a computer. -
Get-ADComputer
Retrieves an object reference to a computer. -
Set-ADComputer
Configures properties of a computer.
Practice Automating the Creation of Computer Objects
Practice Automating the Creation of Computer
Objects
In this practice, you implement automation to import and
create computers in the contoso.com domain. Before
performing the exercises in this practice, be sure that you have
the following objects in the contoso.com domain.
EXERCISE 1 Create a Computer with
DSAdd
The DSAdd command adds a computer in Command Prompt. An
advantage of the DSAdd command is that it requires only the
computer’s DN. It creates the sAMAccountName
and userAccountControl attributes
automatically. In this exercise, you create a computer with
Dsadd.exe. (If you have already performed
this exercise as part of the last step of Exercise 3 in Lesson 1,
you do not need to perform it a second time. If you try to add the
computer twice, you will receive an error.)
-
Log on to SERVER01 as Administrator. -
Open Command Prompt. -
Type the following command and press Enter:
dsadd computer "CN=DESKTOP152,OU=Clients,DC=contoso,DC=com" -
Using the Active Directory Users And Computers snap-in, verify that the computer was
created successfully.
EXERCISE 2 Import Computers by Using
CSVDE
When you want to create more than a few computers, you might
find it easier to import the computer objects from a data source
such as a .csv file. In this exercise, you use CSVDE to import
computer accounts from a .csv file.
-
In Notepad, type the following lines.
DN,objectClass,name,userAccountControl,sAMAccountName
"CN=DESKTOP103,OU=Clients,DC=contoso,DC=com",computer,DESKTOP103,4096,DESKTOP103$
"CN=DESKTOP104,OU=Clients,DC=contoso,DC=com",computer,DESKTOP104,4096,DESKTOP104$
"CN=SERVER03,OU=Servers,DC=contoso,DC=com",computer,SERVER03,4096,SERVER03$ -
Save the file to your Documents folder with the name
“Computers.csv”, including the quotes so that Notepad does not
add a .txt extension. -
Open Command Prompt, type the following command, and
then press Enter:
csvde -i -f "%userprofile%\documents\computers.csv" -
Open the Active Directory Users And Computers snap-in
and verify that the computer objects were created
successfully.
EXERCISE 3 Import Computers from an
LDIF File
LDIF files are not as familiar to most administrators as
.csv files, but they are powerful and relatively easy to master.
In this exercise, you create an LDIF file and import it by using
Ldifde.exe.
-
In Notepad, enter the following, making certain to
include a blank line between the two operations (before the
dn line for
SERVER11):
dn: CN=SERVER10,OU=Servers,DC=contoso,DC=com
changetype: add
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
objectClass: computer
cn: SERVER10
userAccountControl: 4096
sAMAccountName: SERVER10$
dn: CN=SERVER11,OU=Servers,DC=contoso,DC=com
changetype: add
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
objectClass: computer
cn: SERVER11
userAccountControl: 4096
sAMAccountName: SERVER11$ -
Save the file to your Documents folder with the name
“Computers.ldf”, including the quotation marks so Notepad
doesn’t add a .txt extension. -
Open Command Prompt, type the following command, and
then press Enter:
ldifde -i -f "%userprofile%\documents\computers.ldf" -
Open the Active Directory Users And Computers snap-in
and verify that the computers were created
successfully.
EXERCISE 4 Create a Computer with
Windows PowerShell
Windows PowerShell lets you use ADSI to create and
manipulate Active Directory objects. In this exercise, you create
a computer with Windows PowerShell.
-
Open Windows PowerShell, type the following command on
one line, and press Enter:
New-ADComputer -Name "DESKTOP154" -sAMAccountName "DESKTOP154" -Path
"OU=Clients,DC=contoso,DC=com" -
Open the Active Directory Users And Computers snap-in
and confirm that DESKTOP154 was created in the Clients
OU.
|
