[Logo] LDAPSoft LDAP And Active Directory Tools Community Forums
  [Search] Search   [Register] Register /  [Login] Login 
 
Import LDIF 'memberOf'  XML
Forum Index » General Discussion
Author Message
[Post New]19/05/2009 07:10:57
    Subject: Import LDIF 'memberOf'
[Up]
Ed.Kok



Joined: 19/05/2009 07:03:42
Messages: 2
Offline
Hi all,

an AD Export via LDIF shows lines like:

But when I import the LDIF-file the group-membership isn't created.

Any suggestions?

Ed
[Post New]20/05/2009 01:51:25
    Subject: Import LDIF 'memberOf'
[Up]
support



Joined: 27/06/2008 19:01:18
Messages: 123
Offline
Please see the following article on ldif export in active directory

http://support.microsoft.com/kb/555634

LDIFDE doesn’t support changing Group Membership. You can use CSVDE or ADDUSERS.exe or DStools for Windows 2003 Editions.


[Post New]20/05/2009 10:29:07
    Subject: Re:Import LDIF 'memberOf'
[Up]
Ed.Kok



Joined: 19/05/2009 07:03:42
Messages: 2
Offline
Thanks for the reply.

I've read the mentioned doc but I'm a bit of a newby, so pls. be patient...

1. Do I understand it correctly that "LDAP Admin Tool" uses Microsoft's "LDIFDE"?
2. Is adding a user to a group via "LDIF import" the same as 'changing Group Membership'?
3. If I have 'memberOf: ' lines in a (large) ldif-file, there is no way to import these in AD then?

Ed
[Post New]20/05/2009 13:58:59
    Subject: Re:Import LDIF 'memberOf'
[Up]
support



Joined: 27/06/2008 19:01:18
Messages: 123
Offline
1. Do I understand it correctly that "LDAP Admin Tool" uses Microsoft's "LDIFDE"?
No we don't use the Microsoft's LDIFIDE for import, we use the standard LDIF import process

2. Is adding a user to a group via "LDIF import" the same as 'changing Group Membership'?
With Active Directory LDIF import is different than any other directories as AD does not load the system attributes during LDIF import and if you provide system attributes it will fail.
We specifically don't load the following attributes during the ldif import
sAMAccountType,lastLogon,lastLogon,whenCreated,badPasswordTime,ockoutTime,whenChanged,primaryGroupID,badPwdCount,lastLogoff,primaryGroupID,pwdLastSet,accountExpires,logonCount,adminCount,userAccountControl

We also look at the schema for the system attributes and if the attribute is identified as system attribute (systemOnly=TRUE), we don't load it.
In this case it look like the 'memberof' attribute is identified as system attribute and that is why it was not loaded.

3. If I have 'memberOf: ' lines in a (large) ldif-file, there is no way to import these in AD then?
Try loading the same file with Microsoft's LDIFDE and see if you get the same results.

We will look at the code again and if possible will provide the memberof loading in the next release.




 
Forum Index » General Discussion
Go to:   
[Recent Topics] Recent Topics   [Hottest Topics] Hottest Topics   [Members]  Member Listing  
Powered by JForum 2.1.9 © JForum Team