none
Using CSVDE export/import a global security grouping

    Question

  • Hi, new to AD first time using CSVDE,
    2008 domain

    In the domain, created a global security group of 128 users to be applied to some app based policys.
    need to export the group to a csv file, to transfer to a test domain which mirrors live, which i think i can export with
    CSVDE -d "cn=g-sec-appgrouping,OU=dept,OU=london,DC=blah,dc=com" -f appgroup.csv
    Test system is a direct mirror of live.
    I now need to import it in to live
    Question would the global security be a CN class or an OU class
    and would the Import string look like this
    CSVDE -i "cn=g-sec-appgrouping,OU=dept,OU=london,DC=blah,dc=com" -f appgroup.csv
    Trying to do this in theory at home, to get my head round it,before i get to work to try it out tomorrow.
    any advice gratefully welcomed


    Thursday, November 19, 2009 9:04 PM

Answers

  • You don't want to export all attributes, just the ones you want copied to the new group. For example, objectSID and objectGUID should not be included. Use the -l switch to list the ones required. Then you will need to modify the resulting csv file for the test domain. For example, you might use (one line):

    csvde -d "cn=MyGroup,ou=West,dc=MyDomain,dc=com" -f group.csv -l objectClass,cn,member,distinguishedName,sAMAccountName,groupType,objectCategory

    Then modify the csv file for the new domain. If the name of the group changes, modify distinguishedName, cn, and sAMAccountName accordingly. Also, I did not include memberOf, but if you want to retain memberships this group has elsewhere (in other groups), add this attribute. Then you can import the group with simply:

    csvde -i -f group.csv

    Richard Mueller
    MVP ADSI
    Thursday, November 19, 2009 10:54 PM

All replies

  • You don't want to export all attributes, just the ones you want copied to the new group. For example, objectSID and objectGUID should not be included. Use the -l switch to list the ones required. Then you will need to modify the resulting csv file for the test domain. For example, you might use (one line):

    csvde -d "cn=MyGroup,ou=West,dc=MyDomain,dc=com" -f group.csv -l objectClass,cn,member,distinguishedName,sAMAccountName,groupType,objectCategory

    Then modify the csv file for the new domain. If the name of the group changes, modify distinguishedName, cn, and sAMAccountName accordingly. Also, I did not include memberOf, but if you want to retain memberships this group has elsewhere (in other groups), add this attribute. Then you can import the group with simply:

    csvde -i -f group.csv

    Richard Mueller
    MVP ADSI
    Thursday, November 19, 2009 10:54 PM
  • Oh yes. The class of all groups is "group". The relative distinguished name (RDN) of all groups is "cn=<name>", so all groups have a Common Name. I'm not sure what you mean when you ask if the group should be a cn class or ou class.

    Also, the member objects should already exist when you import the group. If the group and all members are the same except for the domain, you can globally replace "dc=MyDomain,dc=com" in the csv file with the correct string for the new domain. The export and import statements only export and import the group itself, not the members. I hope this helps.

    Richard Mueller


    MVP ADSI
    Thursday, November 19, 2009 10:59 PM
  • Hi Richard

    Many thanks
    the import/export went v.well
    I got the correct context of the global security group from the distinguished name in the attributte editor of that object
    By using the csvde -d "correct context" -f group etc..

    and it worked
    I also opened it in an excel spreadsheet to check exactly what had exported.

    Many thanks
    Monday, November 23, 2009 6:05 PM