LDIFDE and Passwords

sanddo160 used Ask the Experts™

I'm using LDIFDE to create user accounts in our AD but I don't know how to include a password. Can someone help?

Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®

I prefer csvde... it works follow this..
Caveats- you need to create the GPO that the user will reside in prior to import process GPO  I have often had to change the default domain password policy to 0 character 0 complexity , for the account creation process.
 After the process is complete turn it back on, you can reset all user passwords to generic at once - select all new accounts in ADUC - right click propeties - change password for all

often  http://www.computerperformance.co.uk/Logon/Logon_CSVDE.htm

exchange attirubutes>>>http://www.computerperformance.co.uk/Logon/LDAP_attributes_active_directory.htm
You can set passwords with an LDIFDE import, just write the attribute 'unicodePwd'. But there are some constraints:

- Use the 'replace' operator in the LDIF file:
dn: cn=user1,ou=users,dc=yourdomain,dc=com
changetype: modify
replace: unicodePwd
unicodePwd:: ......

- You have to use an encrypted SSL session to the domain controller, otherwise the attribute cannot be written. So just use   LDFIDE -i -t 636 .....     (636 is the TCP port for LDAP/SSL) Your domain controller must have an server certificate to support SSL connections.

- The password value which you write to the user accounts has to be the password as unicode string, enclosed in quotation marks, and converted to a Base64-encoded string. This is the reason why there have to be two colons behind the 'unicodePwd' in the LDIF file. So you'll need some script or tool to convert strings into base64 encoded strings.

Useful links:

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial