CSVDE

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Csvde

Imports and exports data from Active Directory using files that store data in the comma-separated value (CSV) format. You can also support batch operations based on the CSV file format standard.

Csvde is a command-line tool that is installed in the %windir%/system32 folder on Windows Server 2003 by default. To run csvde on a computer running Windows Server 2003, open a command prompt, type csvde with the appropriate parameters, and then press ENTER.

You can also run csvde on a computer running Windows XP Professional if you install Active Directory Application Mode (ADAM) on that computer. Csvde will be located in the %windir%/ADAM folder. To download ADAM, see Active Directory Application Mode (ADAM) at the Download Center (https://go.microsoft.com/fwlink/?LinkID=29359).

Syntax

Csvde [-i] [-f FileName] [-s ServerName] [-c String1 String2] [-v] [-j Path] [-t PortNumber] [-d BaseDN] [-r LDAPFilter] [-p Scope] [-l LDAPAttributeList] [-o LDAPAttributeList] [-g] [-m] [-n] [-k] [-a UserDistinguishedName Password] [-b UserName Domain Password]

Parameters

• -i
  Specifies import mode. If not specified, the default mode is export.

• -f FileName
  Identifies the import or export file name.

• -s ServerName
  Specifies the domain controller to perform the import or export operation.

• -c String1 String2
  Replaces all occurrences of String1 with String2. This is generally used when importing data from one domain to another and the distinguished name of the export domain (String1) needs to be replaced with that of the import domain (String2).

• -v
  Sets verbose mode.

• -j Path
  Sets the log file location. The default is the current path.

• -t PortNumber
  Specifies a Lightweight Directory Access Protocol (LDAP) port number. The default LDAP port is 389. The global catalog port is 3268.

• -d BaseDN
  Sets the distinguished name of the search base for data export.

• -r LDAPFilter
  Creates an LDAP search filter for data export.

• -p Scope
  Sets the search scope. Search scope options are Base, OneLevel, or SubTree.

• -l LDAPAttributeList
  Sets the list of attributes to return in the results of an export query. Attributes can be returned by LDAP in any order, and CSVDE does not attempt to impose any ordering of the columns. If this parameter is omitted, all attributes are returned.

• -o LDAPAttributeList
  Sets the list of attributes to omit from the results of an export query. This is typically used when exporting objects from Active Directory and then importing them into another LDAP-compliant directory. If attributes are not supported by another directory, you can omit the attributes from the result set using this option.

• -g
  Omits paged searches.

• -m
  Omit attributes that only apply to Active Directory objects such as the ObjectGUID, objectSID, pwdLastSet and samAccountType attributes.

• -n
  Omits export of binary values.

• -k
  Ignores errors during the import operation and continues processing. The following is a complete list of ignored errors: "Object already exists," "Constraint violation," and "Attribute or value already exists."

• -a UserDistinguishedName Password
  Sets the command to run using the supplied UserDistinguishedName and Password. By default, the command runs using the credentials of the user currently logged on to the network. This performs a simple LDAP bind with the user name and password.

• -b UserName Domain Password
  Sets the command to run as UsernameDomainPassword. By default, the command will run using the credentials of the user currently logged on to the network. This performs a secure LDAP bind with the NEGOTIATE authentication method.

• -?
  Displays the command menu.

Remarks

• You cannot import user passwords by using csvde because passwords must be sent over an encrypted channel. Csvde does not support Secure Sockets Layer (SSL) or encrypted LDAP communication. The previous references to passwords relate to the credentials of the user who is running the csvde command. They are not related to setting passwords for users.

• Applications such as Microsoft Excel are capable of reading and saving data in the CSV format. You can also create CSV files using Notepad; be sure to separate the values that you add to your file with commas. In addition, the Microsoft Exchange Server administration tools are also capable of importing and exporting data using the CSV format, as are many other non-Microsoft tools.

  The CSV format consists of one or more lines of data, with each value separated by a comma and with no spaces between the comma and the next entry. The first line (sometimes referred to as the header) of the CSV file must contain the names of each attribute in the same order as the data in any line following the first line. For example:

  ObjectClass,DN,GivenName,SN,SamAccountName,Description

  user,”CN=Ken Myers,OU=Accounting,DC=Fabrikam,DC=com”,Ken,Myers,Ken.Myers,Manager

  user,”CN=Sara Davis,OU=Accounting,DC=Fabrikam,DC=com”,Sara,Davis,Sara.Davis,President

• To see a list of properties that can be updated by csvde, see the appropriate supported interfaces in ADSI Objects of LDAP (https://go.microsoft.com/fwlink/?LinkId=91123). For example, to see the properties that can be set for Active Directory user objects, click the IADsUser link (https://go.microsoft.com/fwlink/?LinkId=91124), and then view the Properties table.

• You can use csvde -r to create an LDAP search filter for data export. For example, the following filter exports all users with a particular surname:

  csvde -r (&(objectClass=User)(sn=Surname))

Examples

The following sample file contents are for a domain named Cpandl.com that has organizational units (OUs) named SW Dev, Acct, and AP. The AP OU is subordinate to the Acct OU. The first line of the file defines the Active Directory object properties for user accounts to be created by the entries in the rest of the file. The remaining lines are used to create the user accounts. The first user account is created in the default Users container, and the rest of the user accounts are created in the SW Dev, Acct, and AP OUs, respectively:

objectClass,dn,sAMAccountName,userPrincipalName,userAccountControl
user,"CN=KMyer,CN=Users,DC=cpandl,DC=com",KenM,KenM@cpandl.com,514
user,"CN=WYu,OU=SW Dev,DC=cpandl,DC=com",WeiY,WeiY@cpandl.com,514
user,"CN=JMorris,OU=Acct,DC=cpandl,DC=com",JonM,JonM@cpandl.com,514
user,"CN=YXu,OU=AP,OU=Acct,DC=cpandl,DC=com",YeX,YeX@cpandl.com,514

The -d switch indicates the root (top) of a particular query. For example, if you want to export all the objects in the Marketing top-level OU of the Contoso.com domain to a file named marketingobjects.csv, you can use the following command:

csvde -d "ou=marketing,dc=contoso,dc=com" -f marketingobjects.csv

The -r switch is a filter for exporting information from the directory. This switch filters the output that an export request produces. For example, if you want to export only the user account object attributes from a domain to a file named usersonly.csv, you can use the following command:

csvde -r objectClass=user -f usersonly.csv

The following example exports Active Directory data to a file named search.txt, sets the search scope to subtree, and lists the sAMAccountName, CN, and distinguished name attributes for each object that is found in the search:

csvde -f search.txt -p subtree -l SamAccountName,CN,Distinguishname

The following example imports the data from the current domain (the domain that you are logged on to) from a file named input.csv:

csvde -i -f input.csv

The following example exports the data from the current domain (the domain that you are logged on to) to a file named output.csv:

csvde -f output.csv

For additional examples using CSVDE, see article 327620 in the Microsoft Knowledge Base (https://go.microsoft.com/fwlink/?LinkId=91125).

Formatting legend

See Also

Concepts

LDIFDE
Command-line reference A-Z
Command shell overview