Ldifde
This is the command line reference from Microsoft. This page is for reprinted for historic purposes for people that don’t upgrade their servers but still need to know how to troubleshoot. If i have anything else to add to this it will be at the bottom.
Original URLs:
- https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/cc731033(v=ws.11)
- https://docs.microsoft.com/en-us/previous-versions/orphan-topics/ws.10/cc755456(v=ws.10)?redirectedfrom=MSDN
- https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc816781(v=ws.10)?redirectedfrom=MSDN
- https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-2000-server/bb727091(v=technet.10)?redirectedfrom=MSDN
Applies To: Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2003 with SP1, Windows 8
Creates, modifies, and deletes directory objects. You can also use ldifde to extend the schema, export Active Directory user and group information to other applications or services, and populate Active Directory Domain Services (AD DS) with data from other directory services.
Ldifde is a command-line tool that is built into Windows Server 2008. It is available if you have the AD DS or Active Directory Lightweight Directory Services (AD LDS) server role installed. To use ldifde, you must run the ldifde command from an elevated command prompt. To open an elevated command prompt, click Start, right-click Command Prompt, and then click Run as administrator.
For examples of how to use this command, see Examples.
Syntax
Copy
Ldifde [-i] [-f <FileName>] [-s <ServerName>] [-c <String1> <String2>] [-v] [-j <Path>] [-t <PortNumber>] [-d <BaseDN>] [-r <LDAPFilter>] [-p <Scope>] [-l <LDAPAttributeList>] [-o <LDAPAttributeList>] [-g] [-m] [-n] [-k] [-a <UserDistinguishedName> <Password>] [-b <UserName> <Domain> <Password>] [-?]
Parameters
| Parameter | Description |
|---|---|
| -i | Specifies to use the import mode. The default mode is export. |
| -f <FileName> | Identifies the import or export file name. |
| -s <ServerName> | Specifies the domain controller to perform the import or export operation. By default, ldifde runs on the domain controller on which ldifde is installed. |
| -c <String1> <String2> | Replaces all occurrences of <String1> with <String2>. Generally, you use this parameter when you import data from one domain to another and you must replace the distinguished name of the export domain (<String1>) with the distinguished name of the import domain (<String2>). |
| -v | Sets verbose mode. |
| -j <Path> | Sets the log file location. The default location is the current path. |
| -t <PortNumber> | Specifies a Lightweight Directory Access Protocol (LDAP) port number. The default LDAP port number is 389. The global catalog port number is 3268. |
| -d <BaseDN> | Sets the distinguished name of the search base for data export. |
| -r <LDAPFilter> | Creates an LDAP search filter for data export. For example, to export all users with a surname that you specify, you can use the following filter:-r (and(objectClass=User)(sn=Surname)) |
| -p <Scope> | Sets the search scope. The search scope options are Base, OneLevel, or SubTree. |
| -l <LDAPAttributeList> | Sets the list of attributes to return in the results of an export query. If you do not specify this parameter, the search returns all attributes. |
| -o <LDAPAttributeList> | Sets the list of attributes to omit from the results of an export query. This is typically used when exporting objects from AD DS and then importing them into another LDAP-compliant directory. If attributes are not supported by another directory, you can omit the attributes from the result set using this option. |
| -g | Omits paged searches. |
| -m | Omits attributes that apply only to Active Directory objects, such as the ObjectGUID, objectSID, pwdLastSet and samAccountType attributes. |
| -n | Omits the export of binary values. |
| -k | Ignores errors during an import operation and continues processing. This parameter ignores all of the following errors:The object is already a member of the groupThe operation has an object class violationThis violation means that the specified object class does not exist, if the object being imported has no other attributes.The object already existsThe operation has a constraint violationThe attribute or value already existsThe operation found no such object |
| -a <UserDistinguishedName> <Password> | Sets the command to run using the distinguished name (<UserDistinguishedName>) and password (<Password>) that you supply. By default, the command uses the credentials of the user who is currently logged on to the network. |
| -b <UserName> <Domain> <Password> | Sets the command to run using the supplied <UserName> <Domain> <Password>. By default, the command will run using the credentials of the user currently logged on to the network. |
| /? | Displays help at the command menu. |
Remarks
- When you create the import file to use with the ldifde command, use a changeType value to define the type of changes that the import file will contain. The following table shows the changeType values that you can use.ValueDescriptionaddSpecifies that new content is contained in the import file.modifySpecifies that existing content has been modified in the import file.deleteSpecifies that content has been deleted in the import file.The following example shows an LDAP Data Interchange Format (LDIF) import file format that uses the add value.Copy
DN: CN=SampleUser,DC=DomainName changetype: add CN: SampleUser description: DescriptionOfFile objectClass: User sAMAccountName: SampleUser
Examples
To retrieve only the distinguished name, common name, first name, surname, and telephone number for user objects in the fabrikam.com domain to a file named ldifde.txt in the c:\ldifde folder, run the following command:Copy
Ldifde -d dc=fabrikam,dc=com -r (objectClass=User) -l distinguishedname,cn,givenname,sn,telephone –f ldifde.txt
To selectively omit the object creation date and time and the object globally unique identifier (GUID), run the following command:Copy
Ldifde -d dc=fabrikam,dc=com -r (objectClass=User) -o whenCreated,objectGUID –f ldifde.txt
Tip
For more examples, see the following resources: Article 237677 (https://go.microsoft.com/fwlink/?LinkID=87487) in the Microsoft Knowledge Base Article 555636 (https://go.microsoft.com/fwlink/?LinkId=187670) in Microsoft Knowledge Base
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
Ldifde
Creates, modifies, and deletes directory objects on computers running Windows Server 2003 operating systems or Windows XP Professional. You can also use Ldifde to extend the schema, export Active Directory user and group information to other applications or services, and populate Active Directory with data from other directory services.
Syntax
Ldifde [-i] [-f FileName] [-s ServerName] [-c String1 String2] [-v] [-j Path] [-t PortNumber] [-d BaseDN] [-r LDAPFilter] [-p Scope] [-l LDAPAttributeList] [-o LDAPAttributeList] [-g] [-m] [-n] [-k] [-a UserDistinguishedName Password] [-b UserName Domain Password] [-?]
Parameters
- -i
Specifies import mode. If not specified, the default mode is export. - -f FileName
Identifies the import or export file name. - -s ServerName
Specifies the domain controller to perform the import or export operation. By default, Ldifde will run on the domain controller on which Ldifde is installed. - -c String1 String2
Replaces all occurrences of String1 with String2. This is generally used when importing data from one domain to another and the distinguished name of the export domain (String1) needs to be replaced with that of the import domain (String2). - -v
Sets verbose mode. - -j Path
Sets the log file location. The default is the current path. - -t PortNumber
Specifies a LDAP port number. The default LDAP port is 389. The global catalog port is 3268. - -d BaseDN
Sets the distinguished name of the search base for data export. - -r LDAPFilter
Creates a LDAP search filter for data export. For example, to export all users with a particular surname, you can use the following filter -r (and(objectClass=User)(sn=Surname)) - -p Scope
Sets the search scope. Search scope options are Base, OneLevel, or SubTree. - -l LDAPAttributeList
Sets the list of attributes to return in the results of an export query. If this parameter is omitted, all attributes are returned. - -o LDAPAttributeList
Sets the list of attributes to omit from the results of an export query. This is typically used when exporting objects from Active Directory and then importing them into another LDAP-compliant directory. If attributes are not supported by another directory, you can omit the attributes from the result set using this option. - -g
Omits paged searches. - -m
Omits attributes that only apply to Active Directory objects such as the ObjectGUID, objectSID, pwdLastSet and samAccountType attributes. - -n
Omits export of binary values. - -k
Ignores errors during the import operation and continues processing. The following is a complete list of ignored errors:- object is already a member of the group
- object class violation (meaning the specified object class does not exist), if the object being imported has no other attributes
- object already exists
- constraint violation
- attribute or value already exists
- no such object
- -a UserDistinguishedName Password
Sets the command to run using the supplied UserDistinguishedName and Password. By default, the command will run using the credentials of the user currently logged on to the network. - -b UserName Domain Password
Sets the command to run using the supplied UserName Domain Password. By default, the command will run using the credentials of the user currently logged on to the network. - -?
Displays the command menu.
Remarks
- When creating the import file to use with the Ldifde command, use a changeType value to define the type of changes the import file will contain. The following changeType values are available:ValueDescriptionaddSpecifies that new content is contained in the import file.modifySpecifies that existing content has been modified in the import file.deleteSpecifies that content has been deleted in the import file.
The following is an example of an LDIF import file format using the add value.
DN: CN= SampleUser ,DC= DomainName
changetype: add
CN: SampleUser
description: DescriptionOfFile
objectClass: User
sAMAccountName: SampleUser
Examples
To retrieve only the distinguished name, common name, first name, surname, and telephone number for user objects in the fabrikam.com domain to a file named ldifde.txt in the c:\ldifde folder, run the following command:
Ldifde –d dc=fabrikam,dc=com –r (objectClass=User) -l distinguishedname,cn,givenname,sn,telephone
To selectively omit the object creation date and time and the object globally unique identifier (GUID), run the following command:
Ldifde –d dc=fabrikam,dc=com –r (objectClass=User) -o whenCreated,objectGUID
Tip
For more examples, see the following resources:
- Article 237677 (https://go.microsoft.com/fwlink/?LinkID=87487) in the Microsoft Knowledge Base
- Article 555636 (https://go.microsoft.com/fwlink/?LinkId=187670) in the Microsoft Knowledge Base
Formatting legend
| Format | Meaning |
|---|---|
| Italic | Information that the user must supply |
| Bold | Elements that the user must type exactly as shown |
| Ellipsis (…) | Parameter that can be repeated several times in a command line |
| Between brackets ([]) | Optional items |
| Between braces ({}); choices separated by pipe (|). Example: {even|odd} | Set of choices from which the user must choose only one |
Courier font | Code or program output |
Import or Export Directory Objects Using Ldifde
Applies To: Windows Server 2008
You can import data into an Active Directory Lightweight Directory Services (AD LDS) instance during setup of the instance (by using the Importing LDIF Files page in the Active Directory Lightweight Directory Services Setup Wizard) or manually anytime after creation of the instance by using the ldifde command-line tool, which creates, modifies, and deletes directory objects. You can also use ldifde to extend the schema and to export user and group information to other applications or services. For example, you can use ldifde to export directory objects from another directory service and then use ldifde to import the directory objects into an AD LDS instance.
Membership in the AD LDS Administrators group, or equivalent, is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups (https://go.microsoft.com/fwlink/?LinkId=83477). By default, the security principal that you specify as the AD LDS administrator during AD LDS setup becomes a member of the Administrators group in the configuration partition.
To import or export directory objects using ldifde
- To open a command prompt, click Start, right-click Command Prompt, and then click Run as administrator.
- Do one of the following:
- To import directory objects, at the command prompt, type the following command, and then press ENTER:Copy
ldifde -i -f <filename> -s <servername>:<port> -m -a <username> <domain> <password> - To export directory objects, at the command prompt, type the following command, and then press ENTER:Copy
ldifde -e -f <filename> -s <servername>:<port> -m -a <username> <domain> <password>
- To import directory objects, at the command prompt, type the following command, and then press ENTER:Copy
| Parameter | Description |
|---|---|
| ldifde | Specifies a utility program that supports batch operations that are based on the LDIF file standard. |
| -i | Performs an import. |
| -e | Performs an export. |
| -f | Specifies the file to import or export. |
| <filename> | The name of the file to import or export. |
| -s | Specifies the host name and port of the AD LDS instance or other directory service. |
| <servername> | The host name of the AD LDS instance or other directory service. |
| <port> | The port for the AD LDS instance or other directory service. |
| -m | Ignores (that is, does not import or export) attributes that are used only by the Active Directory Domain Services AD DS.You can use this parameter when you export directory objects from an existing AD DS forest and then import them into AD LDS. |
| -a | Specifies account credentials. If they are not provided, ldifde uses the credentials of the currently logged on user. |
| <username> | The user name of the account to be used to bind to the specified directory service. |
| <domain> | The domain name of the account to be used to bind to the specified directory service. |
| <password> | The password of the account to be used to bind to the specified directory service. |
| -h | Allows the import of passwords by using simple authentication and security layer (SASL) encryption. |
| -c <String1> <String2> | Replaces all occurrences of String1 with String2. With AD LDS, you can use the constants #schemaNamingContext and #configurationNamingContext in place of the distinguished names of the schema directory partition and configuration directory partition when you replace strings in .ldf files. |
Step-by-Step Guide to Bulk Import and Export to Active Directory
This guide introduces batch administration of the Active DirectoryTM service, using both the LDAP Data Interchange Format (LDIF) utility and a simple program you can write using the Visual Basic® Scripting Edition (VBScript) development system. Using these tools, you can export, import, and modify objects such as users, contacts, groups, servers, printers, and shared folders.
On This Page
Introduction Using the LDIFDE Utility Using VBScript and ADSI Important Notes
Introduction
In this guide, you will perform the following tasks:
- Perform batch operations using the LDIFDE utility. Export users from the Marketing organizational unit (OU) in the Reskit domain into a file format compatible with the LDIF standard format. Perform a batch modification of all the users in the Marketing OU. Use LDIF to create a new user and delete a user.
- Perform batch operations using ADSI and VBScript. Export users from the Marketing OU in the Reskit domain into a text file, using a script written with ADSI and VBScript. Use VBScript to perform a batch modification of all the users in the Marketing OU. Use VBScript to create a new user and delete a user.
Requirements and Prerequisites
You must install the Windows 2000 Server operating system, including Active Directory, on a server in your network. You can then run the Administration Tools from the server or from a workstation running the Windows 2000 Professional operating system.
This step-by-step guide assumes that you have run the procedures in A Common Infrastructure for Windows 2000 Server Deployment Step-by-Step Part 1.
The common infrastructure documents specify a particular hardware and software configuration. If you are not using the common infrastructure, you need to make the appropriate changes to this document. For the latest information about hardware requirements and compatibility for servers, clients, and peripherals, see the Windows 2000 Product Compatibility search page (https://www.microsoft.com/windows2000/server/howtobuy/upgrading/compat/default.asp).
The Administration Tools are installed by default on all Windows 2000-based domain controllers. The LDIFDE utility described in this guide is installed by default on servers, and can be copied to any Windows 2000-based workstation. The VBScript programs that you create can be run from either servers or workstations.
For all procedures in this guide, you must be logged on as an administrator. If you log on using an account that does not have administrative privileges, you may not be able to perform export and import operations in Active Directory.
Using the LDIFDE Utility
The LDAP Data Interchange Format (LDIF) is an Internet draft standard for a file format that can be used for performing batch operations on directories that conform to the LDAP standards. LDIF can be used to export and import data, allowing batch operations such as Add, Modify, and Delete to be performed in Active Directory. A utility called LDIFDE is included in the Windows 2000 operating system to support batch operations based on the LDIF standard.
Using LDIF to Export All Objects in the Marketing OU
You can use LDIFDE to export all objects in the Marketing organizational unit (OU), created in ” Step-by-Step Guide to Common Infrastructure Part 1“. This example searches the organizational unit for certain objects and creates a file containing the names of those objects.
To export all objects in the Marketing OU
- Click Start, point to Programs, then point to Accessories, and click Command Prompt.
- At the command prompt, type:ldifde -f marketing.ldf -s hq-res-dc-01-d”ou=Marketing,dc= reskit,dc=com”-psubtree–r”(objectCategory=CN=Person,CN=Schema,CN=Configuration,DC=reskit,DC=com)”
This creates a LDIF file named Marketing.ldf, by connecting to the server named HQ-RES-DC-01 and executing a subtree search of the Marketing OU for all objects of the category Person. (See Figure 1 below.)
Note that objectCategory is an indexed attribute designed to enhance search performance.
.gif "Bb727091.bulkst01(en-us,TechNet.10).gif")
Figure 1: Creating an LDF file
You can use this LDIF file to perform a batch import of all the objects from the Marketing OU into any other LDAP-compatible directory. Some attributes may not be applicable to other implementations of LDAP. In particular, if you use this mechanism to import the objects into another Active Directory, some attributes must be omitted because they are automatically generated during object creation. (If they are not specifically omitted, the operation will fail.)
For example, the LDIFDE command that is used to omit these attributes is:
ldifde -f marketing.ldf -s hq-res-dc-01 d “ou=Marketing,dc= reskit,dc=com”–r >”(objectCategory=CN=Person,CN=Schema,CN=Configuration,DC=reskit,DC=com)” –m
Using LDIF to Modify All Objects in the Marketing OU
In this example, the entire Marketing organization has moved to a new office address. You use LDIF to perform a batch modification for all user objects in the Marketing organization by altering the state, street, locality, and postal code attributes.
To modify all objects in the Marketing OU
- Click Start, point to Programs, then point to Accessories, and click Command Prompt.
- At the command prompt, type the following command to extract the required entries:ldifde -f marketing.ldf -s hq-res-dc-01-d”ou=Marketing,dc= reskit,dc=com”-psubtree–r”(objectCategory=CN=Person,CN=Schema,CN=Configuration,DC=reskit,DC=com)” –l “l,st,streetAddress, postalCode”
- Use a text editor such as Notepad to edit the LDIF file, Marketing.ldf. (Save the file as an .ldf file.) Modify each entry so that it is similar to that shown in Figure 2 below.Figure 2: Editing attributes for a move
- Run LDIFDE to import the modifications into Active Directory. At the command prompt, type the following command, and then press > Enter. (See Figure 3 below.)ldifde –i -f marketing.ldf -s hq-res-dc-01Figure 3: Importing modifications into the Active Directory
- To confirm that the entries have been modified, check the Active Directory Users and Computers snap-in. (For help with using this snap-in, see the Step-by-Step Guide to Managing the Active Directory. )
For further information on using LDIFDE, type LDIFDE /? at the command prompt.
Note: Another utility called CSVDE performs the same export functions as LDIFDE, but uses a comma-separated file format. Import operations with CSVDE are “add” only, and CSVDE does not offer the ability to modify or delete objects. The CSV file format is supported by applications such as Microsoft Excel.
Using LDIF to Create a New User
In this example, you use LDIF to add a new user named James Smith to the Marketing organizational unit.
- Start a text editor, such as Notepad, and create a new text file named Newuser.ldf. (Save the file as an ldif file, not as a text file.)
- Edit the LDIF file Newuser.ldf, and add the following text (see Figure 4 below):dn: CN=JamesSmith,OU=Marketing,DC=reskit,DC=comchangetype: add cn: James Smith objectClass: user samAccountName: James > givenName: James > sn: Smith
- Save and close the LDIF file.
- Run LDIFDE to import the new user into Active Directory. On the Start menu, point to Programs, then point to Accessories, and click Command Prompt. Type the following command, and then press Enter.ldifde –i -f newuser.ldf -s hq-res-dc-01
- To confirm that the new user has been created, check the Active Directory Users and Computers snap-in.Figure 4: Adding a new user to the Marketing OU
Using LDIF to Delete a User
In this example, you use LDIF to remove the user named James Smith from the Marketing OU.
- Start a text editor such as Notepad, and create a new file named Deluser.ldf.
- Edit the LDIF file Deluser.ldf, and add the following text.dn: CN=JamesSmith,OU=Marketing,DC=reskit,DC=comchangetype: delete
.gif)
Figure 5: Remove James Smith from OU - Run LDIFDE to delete the user from Active Directory. At the command prompt, type the following command, and then press Enter.ldifde –i -f deluser.ldf -s hq-res-dc-01
- To confirm that the user has been deleted, check the Active Directory Users and Computers snap-in.
Using VBScript and ADSI
Active Directory Services Interfaces (ADSI) makes it easy to develop directory-enabled applications. In conjunction with the Windows Script Host, batch directory operations can be scripted using VBScript or Jscript® development software. In this guide, the procedures that were described in the previous section (which used LDIF) are performed using simple applications written in VBScript.
Please note that these scripts do not include any error checking, nor are they meant to provide a programmer’s reference to VBScript and ADSI. All of the examples included here assume you are logged on with the proper credentials on a machine that is a member of the target domain. It is possible in ADSI to explicitly specify credentials and a target domain. For more information on this, see the documentation on ADSI’s OpenDSObject in the Platform SDK (https://msdn.microsoft.com/downloads/sdks/platform/platform.asp).
After each procedure, confirm that the entries have been modified by checking the Active Directory Users and Computers snap-in.
Using VBScript to Export All Objects in the Marketing OU
In this example, you use a text editor such as Notepad to create a VBScript program. The script searches the Marketing OU and creates a text file that lists all of the user objects and a subset of their attributes.
To create the export script
- Copy the following text into your text editor:
‘Global variables Dim oContainer Dim OutPutFile Dim FileSystem ‘Initialize global variables Set FileSystem = WScript.CreateObject(“Scripting.FileSystemObject”) Set OutPutFile = FileSystem.CreateTextFile(“marketing.txt”, True) SetoContainer=GetObject(“LDAP://OU=marketing,DC=reskit,DC=com”) ‘Enumerate Container EnumerateUsers oContainer ‘Clean up OutPutFile.Close Set FileSystem = Nothing Set oContainer = Nothing WScript.Echo “Finished” WScript.Quit(0) Sub EnumerateUsers(oCont) Dim oUser For Each oUser In oCont Select Case LCase(oUser.Class) Case “user” If Not IsEmpty(oUser.distinguishedName) Then OutPutFile.WriteLine “dn: ” & oUser.distinguishedName End If If Not IsEmpty(oUser.name) Then OutPutFile.WriteLine “name: ” & oUser.Get (“name”) End If ‘need to do this because oUser.name would get back the Relative Distinguished name (i.e. CN=Jo Brown) If Not IsEmpty(oUser.st) Then OutPutFile.WriteLine “st: ” & oUser.st End If If Not IsEmpty(oUser.streetAddress) Then OutPutFile.WriteLine “streetAddress: ” & oUser.streetAddress End If Case “organizationalunit” , “container” EnumerateUsers oUser End Select OutPutFile.WriteLine Next End Sub
- Save the file as Export.vbs.
- At the command prompt type export.vbs and press Enter. This creates a file named Marketing.txt, which contains a list of users and some of their attributes, such as distinguished name, name, state, and street address.
With appropriate modification, this script can be used with any application that supports COM and Visual Basic technologies. Such applications include Microsoft Visual Basic, Microsoft Excel, and Microsoft Access. Scripting can also be hosted by Internet Explorer and Internet Information Services 5.0, which is part of Windows 2000 Server.
Using VBScript to Modify All Objects in the Marketing OU
In this example, the Marketing organization has moved to a new office address. A simple VBScript program is used to perform a batch modification for all user objects in the Marketing organization. The script alters the state, street, locality, and postal code attributes.
- Copy the following text into your text editor:
Dim oContainer Set oContainer=GetObject(“LDAP:// OU=marketing,DC=reskit,DC=com”) ModifyUsers oContainer ‘cleanup Set oContainer = Nothing WScript.Echo “Finished” Sub ModifyUsers(oObject) Dim oUser oObject.Filter = Array(“user”) For Each oUser in oObject oUser.Put “st”,”New York” oUser.Put “streetAddress”,”825 Eighth Avenue” oUser.Put “postalCode”,”10019″ oUser.Put “l”,”New York” oUser.SetInfo Next End Sub
- Save the file as Modify.vbs.
- At the command prompt, type modify.vbs and press Enter. This processes all objects in the Marketing organizational unit and modifies all users, altering the state, street address, postal code, and locality attributes.
Using VBScript to Create a User Object in the Marketing OU
In this example, you use VBScript to add a new user to the Marketing organization. This example illustrates how easy it is to use ADSI and VBScript to programmatically access the directory. Note that in this example, only a limited set of attributes are configured during the user creation.
To create the script and add the user
- Copy the following text into your text editor:
Dim oContainer ‘Parent container of new user Dim oUser ‘Created user ‘Get parentcontainerSetoContainer=GetObject(“LDAP://OU=marketing, DC=reskit,DC=com”) ‘Create user Set oUser = oContainer.Create(“User”,”CN=Jo Brown”) ‘Assign properties values to user oUser.Put “samAccountName”,”Jo” oUser.Put “givenName”,”Jo” oUser.Put “sn”,”Brown” oUser.Put “userPrincipalName”,”jo@reskit.com” oUser.SetInfo ‘Clean up Set oUser = Nothing Set oContainer = Nothing WScript.Echo “Finished”
- Save the file as Adduser.vbs.
- At the command prompt, type adduser.vbs and press Enter. This creates a new user named Jo Brown in the Marketing OU.
Using VBScript to Delete a User
In this example, you use VBScript to delete a user from the Marketing organization.
- Copy the following text into your text editor:
Dim oContainer ‘Parent container of object to be deleted ‘Get parent container Set oContainer=GetObject(“LDAP://OU=marketing, DC=reskit,DC=com”) ‘Delete user oContainer.Delete “user”,”CN=Jo Brown” ‘Clean up Set oContainer = Nothing WScript.Echo “Finished”
- Save the file as Deluser.vbs.
- At the command prompt, type deluser.vbs and press Enter. This deletes the user Jo Brown from the Marketing OU.
Important Notes
The example company, organization, products, people, and events depicted in these step-by-step guides are fictitious. No association with any real company, organization, product, person, or event is intended or should be inferred.
This common infrastructure is designed for use on a private network. The fictitious company name and DNS name used in the common infrastructure are not registered for use on the Internet. Please do not use this name on a public network or Internet.
The Active Directory service structure for this common infrastructure is designed to show how Windows 2000 features work and function with the Active Directory. It was not designed as a model for configuring an Active Directory for any organization–for such information see the Active Directory documentation.
Did you get a clue?
If you got a clue and want to thank me, then visit the thank me page. It’s the best way to keep me publishing articles and keeping this site operation.
This site uses affiliate links. When you go to another site from here the link typically will have an affiliate code attached to it. Your actions on that site may earn a small commission for me. Read our affiliate link policy for more details.
{fin}