IT tutorials
 
Technology
 

Active Directory 2008 : Automating the Creation of Computer Objects

8/17/2013 10:59:38 AM
- Free product key for windows 10
- Free Product Key for Microsoft office 365
- Malwarebytes Premium 3.7.1 Serial Keys (LifeTime) 2019

Importing Computers with CSVDE

CSVDE is a command-line tool that imports or exports Active Directory objects from or to a comma-delimited text file (also known as a comma-separated value text file, or .csv file). The basic syntax of the CSVDE command is:

csvde [-i] [-f "Filename"] [-k]

The -i parameter specifies import mode; without it, the default mode of CSVDE is export. The -f parameter identifies the file name to import from or export to. The -k parameter is useful during import operations because it instructs CSVDE to ignore errors, including Object Already Exists, Constraint Violation, and Attribute Or Value Already Exists errors.

Comma-delimited files can be created, modified, and opened with tools as familiar as Notepad and Microsoft Office Excel. The first line of the file defines the attributes by their Lightweight Directory Access Protocol (LDAP) attribute names. Each object follows, one per line, and must contain exactly the attributes listed on the first line. A sample file is shown in Excel in Figure 1.

When importing computers, be sure to include the userAccountControl attribute and set it to 4096. This attribute ensures that the computer can join the domain by using the account. Also include the pre-Windows 2000 logon name of the computer, the sAMAccountName attribute, which is the name of the computer followed by a dollar sign ($), as shown in Figure 1.

A .csv file, opened in Excel, that creates three computer accounts

Figure 1. A .csv file, opened in Excel, that creates three computer accounts

Importing Computers with LDIFDE

LDIF files are text files within which operations are specified by a block of lines separated by a blank line. Each operation begins with the DN attribute of the object that is the target of the operation. The next line, changeType, specifies the type of operation: add, modify, or delete.

The following listing is an LDIF file that creates two server accounts:

dn: CN=SERVER10,OU=Servers,DC=contoso,DC=com
changetype: add
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
objectClass: computer
cn: SERVER10
userAccountControl: 4096
sAMAccountName: SERVER10$

dn: CN=SERVER11,OU=Servers,DC=contoso,DC=com
changetype: add
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
objectClass: computer
cn: SERVER11
userAccountControl: 4096
sAMAccountName: SERVER11$

The basic syntax of the LDIFDE command is similar to that of the CSVDE command:

ldifde [-i] [-f "Filename"] [-k]

By default, LDIFDE is in export mode. The -i parameter specifies import mode. You must specify the -f mode to identify the file you are using for import or export. LDIFDE will stop when it encounters errors unless you specify the -k parameter, in which case, LDIFDE continues processing.

Creating Computers with DSAdd

To create computer objects, simply type dsadd computer ComputerDN where ComputerDN is the distinguished name (DN) of the computer, such as “CN=Desktop123,OU=Desktops,DC=contoso,DC=com”. If the computer’s DN includes a space, surround the entire DN with quotation marks.

The DSAdd Computer command can take the following optional parameters after the DN parameter:

  • -samid ComputerName

  • -desc Description

  • -loc Location

If you type DSAdd Computer /?, the help text for the command states the following:

If you enter multiple values, the values must be separated by spaces (for example, a list of computer distinguished names).

This is not accurate. You cannot use the DSAdd Computer command to add multiple computers with a single command.

Creating Computers with NetDom

The NetDom command can also perform a variety of domain account and security tasks in Command Prompt. You can also use it to create a computer account by typing the following command:

netdom add ComputerName /domain:DomainName [/ou:OUDN] [/UserD:User /PasswordD:Password]

This command creates the computer account for ComputerName in the domain indicated by the domain parameter, using the credentials specified by UserD and PasswordD. The /ou parameter causes the object to be created in the OU specified by the OUDN distinguished name following the parameter. If no OUDN is supplied, the computer account is created in the default computer container. The user credentials must, of course, have permissions to create computer objects.

Creating Computers with Windows PowerShell

As with user objects, you can use Windows PowerShell to manage computer objects.

The following cmdlets work with Active Directory group objects:

  • New-ADComputer Creates a computer.

    As with the New-ADUser cmdlet, you can use a template to create a new computer with specific properties preconfigured.

    Windows PowerShell provides cmdlets that you can use to consume a data source. For example, the Import-CSV cmdlet can consume a CSV file of computer names and pipe each name to New-ADComputer to create more than one computer.

  • Remove-ADComputer Deletes a computer.

  • Get-ADComputer Retrieves an object reference to a computer.

  • Set-ADComputer Configures properties of a computer.

Practice Automating the Creation of Computer Objects

Practice Automating the Creation of Computer Objects

In this practice, you implement automation to import and create computers in the contoso.com domain. Before performing the exercises in this practice, be sure that you have the following objects in the contoso.com domain.

  • A first-level OU called Clients

  • A first-level OU called Servers

EXERCISE 1 Create a Computer with DSAdd

The DSAdd command adds a computer in Command Prompt. An advantage of the DSAdd command is that it requires only the computer’s DN. It creates the sAMAccountName and userAccountControl attributes automatically. In this exercise, you create a computer with Dsadd.exe. (If you have already performed this exercise as part of the last step of Exercise 3 in Lesson 1, you do not need to perform it a second time. If you try to add the computer twice, you will receive an error.)

  1. Log on to SERVER01 as Administrator.

  2. Open Command Prompt.

  3. Type the following command and press Enter:

    dsadd computer "CN=DESKTOP152,OU=Clients,DC=contoso,DC=com"
  4. Using the Active Directory Users And Computers snap-in, verify that the computer was created successfully.

EXERCISE 2 Import Computers by Using CSVDE

When you want to create more than a few computers, you might find it easier to import the computer objects from a data source such as a .csv file. In this exercise, you use CSVDE to import computer accounts from a .csv file.

  1. In Notepad, type the following lines.

    DN,objectClass,name,userAccountControl,sAMAccountName
    "CN=DESKTOP103,OU=Clients,DC=contoso,DC=com",computer,DESKTOP103,4096,DESKTOP103$
    "CN=DESKTOP104,OU=Clients,DC=contoso,DC=com",computer,DESKTOP104,4096,DESKTOP104$
    "CN=SERVER03,OU=Servers,DC=contoso,DC=com",computer,SERVER03,4096,SERVER03$
  2. Save the file to your Documents folder with the name “Computers.csv”, including the quotes so that Notepad does not add a .txt extension.

  3. Open Command Prompt, type the following command, and then press Enter:

    csvde -i -f "%userprofile%\documents\computers.csv"
  4. Open the Active Directory Users And Computers snap-in and verify that the computer objects were created successfully.

EXERCISE 3 Import Computers from an LDIF File

LDIF files are not as familiar to most administrators as .csv files, but they are powerful and relatively easy to master. In this exercise, you create an LDIF file and import it by using Ldifde.exe.

  1. In Notepad, enter the following, making certain to include a blank line between the two operations (before the dn line for SERVER11):

    dn: CN=SERVER10,OU=Servers,DC=contoso,DC=com
    changetype: add
    objectClass: top
    objectClass: person
    objectClass: organizationalPerson
    objectClass: user
    objectClass: computer
    cn: SERVER10
    userAccountControl: 4096
    sAMAccountName: SERVER10$
    
    dn: CN=SERVER11,OU=Servers,DC=contoso,DC=com
    changetype: add
    objectClass: top
    objectClass: person
    objectClass: organizationalPerson
    objectClass: user
    objectClass: computer
    cn: SERVER11
    userAccountControl: 4096
    sAMAccountName: SERVER11$
  2. Save the file to your Documents folder with the name “Computers.ldf”, including the quotation marks so Notepad doesn’t add a .txt extension.

  3. Open Command Prompt, type the following command, and then press Enter:

    ldifde -i -f "%userprofile%\documents\computers.ldf"
  4. Open the Active Directory Users And Computers snap-in and verify that the computers were created successfully.

EXERCISE 4 Create a Computer with Windows PowerShell

Windows PowerShell lets you use ADSI to create and manipulate Active Directory objects. In this exercise, you create a computer with Windows PowerShell.

  1. Open Windows PowerShell, type the following command on one line, and press Enter:

    New-ADComputer -Name "DESKTOP154" -sAMAccountName "DESKTOP154" -Path
       "OU=Clients,DC=contoso,DC=com"
  2. Open the Active Directory Users And Computers snap-in and confirm that DESKTOP154 was created in the Clients OU.

 
Others
 
- Administration of Microsoft Lync Server 2010 : Troubleshooting (part 2) - Lync Server Logging Tool
- Administration of Microsoft Lync Server 2010 : Troubleshooting (part 1)
- Administration of Microsoft Lync Server 2010 : Configuring Quality of Service
- Administration of Microsoft Lync Server 2010 : Management Tasks
- Windows 8 : Maintaining Data Access and Availability - Managing Offline Files (part 3) - Configuring Disk Usage Limits for Offline Files
- Windows 8 : Maintaining Data Access and Availability - Managing Offline Files (part 2) - Managing Offline File Synchronization
- Windows 8 : Maintaining Data Access and Availability - Managing Offline Files (part 1) - Making Files or Folders Available Offline
- Windows 8 : Maintaining Data Access and Availability - Configuring File Explorer Options
- Sharepoint 2013 : Rename a List or Document Library or Change Its Description, Change the Versioning Settings for a List or Document Library
- Sharepoint 2013 : Branching in Surveys
 
 
Top 10
 
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 2) - Wireframes,Legends
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 1) - Swimlanes
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Formatting and sizing lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Adding shapes to lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Sizing containers
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 3) - The Other Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 2) - The Data Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 1) - The Format Properties of a Control
- Microsoft Access 2010 : Form Properties and Why Should You Use Them - Working with the Properties Window
- Microsoft Visio 2013 : Using the Organization Chart Wizard with new data
Technology FAQ
- Is possible to just to use a wireless router to extend wireless access to wireless access points?
- Ruby - Insert Struct to MySql
- how to find my Symantec pcAnywhere serial number
- About direct X / Open GL issue
- How to determine eclipse version?
- What SAN cert Exchange 2010 for UM, OA?
- How do I populate a SQL Express table from Excel file?
- code for express check out with Paypal.
- Problem with Templated User Control
- ShellExecute SW_HIDE
programming4us programming4us