How to import users into Microsoft Active Directory

Active Directory (AD) is an essential part of every business operation and administration as it helps to organize users, devices, and other resources within the organization. With AD, you can customize your data organization, manage it remotely, leverage its built-in features for redundancy, apply global filters, streamline user access, and so much more. This gamut of features makes AD a popular choice among organizations around the world and many other organizations are shifting to AD to leverage its features and benefits. In this article, we will show you a few ways you can import users into Active Directory.


Built-in PowerShell cmdlet

PowerShell is a great management tool once you have your Active Directory up and running, and you can also import users to Active Directory using built-in PowerShell cmdlets. First, create a CSV file and include all the attributes you want. (Patrick Gruenauer at sid-500.com has a good resource on how to create a CSV file you can use with PowerShell to import Active Directory users.)

After you create a users.csv file, run this command in the Active Directory PowerShell window.

Import-CSV C:\Users.csv | New-ADUser

Import-CSV creates a set of objects from the data contained in the CSV file. The PowerShell pipeline then passes those objects to New-ADUser in the Active Directory module.

If there are no errors, this command should import the users into Active Directory. On completion, verify that the data was imported.

Finally, you’ll have to join all the computers to the new or existing Active Directory, as the case may be, and provide user access and permission. Check if the users can log into their computers with the new Active Directory user account.
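The import steps above as a checked script, added here as an example and not taken from the article: a CSV without a password column piped straight into New-ADUser yields accounts with no password, which are created disabled, so this version validates each row, skips existing accounts, and sets a temporary password that must be changed at first logon. The CSV column names and the -Commit switch are assumptions.

```powershell
# Added example; not code from the article. Requires the ActiveDirectory module.
# Assumed CSV columns: Name,SamAccountName,UserPrincipalName,Path
param(
    [string]$CsvPath = 'C:\Users.csv',  # path used in the article
    [switch]$Commit                     # hypothetical switch: omit for a dry run
)
Import-Module ActiveDirectory -ErrorAction Stop

$required = 'Name', 'SamAccountName', 'UserPrincipalName', 'Path'
$rows = @(Import-Csv -Path $CsvPath)
if ($rows.Count -eq 0) { throw "No rows found in $CsvPath" }

# Fail before touching AD if a required column is missing.
$columns = $rows[0].PSObject.Properties.Name
$missing = @($required | Where-Object { $_ -notin $columns })
if ($missing.Count -gt 0) { throw "CSV is missing column(s): $($missing -join ', ')" }

# The temporary password is typed once and never stored in the CSV or the script.
$tempPassword = Read-Host -AsSecureString -Prompt 'Temporary password for new accounts'

foreach ($row in $rows) {
    $sam = $row.SamAccountName.Trim()

    # Restrict the logon name to a safe character set (keeps the filter below well-formed).
    if ($sam -notmatch '^[A-Za-z0-9._-]{1,20}$') {
        Write-Warning "Skipping row with invalid SamAccountName '$sam'"
        continue
    }
    # Do not collide with an existing account.
    if (Get-ADUser -Filter "SamAccountName -eq '$sam'") {
        Write-Warning "Skipping '$sam': account already exists"
        continue
    }
    try {
        New-ADUser -Name $row.Name -SamAccountName $sam `
            -UserPrincipalName $row.UserPrincipalName -Path $row.Path `
            -AccountPassword $tempPassword -ChangePasswordAtLogon $true `
            -Enabled $true -WhatIf:(-not $Commit) -ErrorAction Stop
    }
    catch {
        Write-Warning "Failed to create '$sam': $($_.Exception.Message)"
    }
}
```

Run it once without -Commit to review the -WhatIf output, then again with -Commit to create the accounts.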

Third-party tools


There are many third-party tools, such as ADManager Plus, that can import users into the Active Directory. The biggest advantage of such tools is that they come with a neat user interface that hides the complexity of the import process. Obviously, there are no long command-line parameters to remember. The drawback is most are not free.

Most times, these tools are intuitive and self-explanatory. However, you’d need a CSV file with all the data in it.

And one older tool: Ldifde

If you are using older versions of Windows Server (some no longer supported), Ldifde is a built-in tool from Microsoft that helps to create, modify, and delete objects from the AD. With Ldifde, you can also export data from AD to other applications, import data into AD, extend its schema, and more.

This command-line tool runs on Windows Server 2003, 2008, 2008 R2, 2012, 2003 with SP1. You also need AD DS or AD LDS installed on your system.

How to run Ldifde

You must run this command from an elevated command prompt. For this, go to Start, right-click on the command prompt, and choose “Run as administrator.”

In your elevated command prompt, enter this command.

Ldifde [-i] [-f <FileName>] [-s <ServerName>] [-c <String1> <String2>] [-v] [-j <Path>] [-t <PortNumber>] [-d <BaseDN>] [-r <LDAPFilter>] [-p <Scope>] [-l <LDAPAttributeList>] [-o <LDAPAttributeList>] [-g] [-m] [-n] [-k] [-a <UserDistinguishedName> <Password>] [-b <UserName> <Domain> <Password>] [-?]

Let’s now look at each of these parameters.

Parameters

  • “I” stands for import. If you don’t specify this mode, the command runs in the default export mode.
  • “F” is the filename that contains the list of all the users.
  • “S” is the domain controller on which you want to import. By default, the domain controller is the one where Ldifde is installed.
  • “C” replaces “String1” with “String2.”
  • “V” sets the verbose mode.
  • “J” is the log path. If you don’t specify, the current path is the log path.
  • “T” is the LDAP port number. It is 389 by default.
  • “D” sets the base DN for export.
  • “R” creates an LDAP filter for export.
  • “P” sets the search scope. It can be Base, OneLevel, or SubTree.
  • “L” sets the list of attributes to return from an export query. By default, the command returns all attributes.
  • “O” is the list of attributes to omit during an export.
  • “G” omits paged search.
  • “M” omits attributes that are relevant only to AD objects.
  • “N” omits the export of binary values.
  • “K” ignores errors during import and continues the processing.
  • “A” runs the command using the distinguished name and password you give.
  • “B” uses the supplied username, domain, and password.
  • “?” displays help if needed.

While you don’t have to use all these parameters, it’s always good to know what’s at your disposal. Choose the ones that are relevant to you to import users to the Active Directory.
