LDIFDE Bulk Modification

G

Guest

Hi,

Is it possible to run a ldf file to modify all the user objects within an OU?

dn: OU=Test,OU=Departments,DC=company,DC=com,DC=au
changetype: modify
replace: postOfficeBox
postOfficeBox: PO Box whatever
-

dn: OU=Test,OU=Departments,DC=company,DC=com,DC=au
changetype: modify
replace: streetAddress
streetAddress: Whatever Street
-

When I ran this ldf file it resulted with the following on screen error.
H:\My Documents>ldifde -i -f Test.ldf -s server
Connecting to "server"
Logging in as current user using SSPI
Importing directory from file "Test.ldf"
Loading entries..
Add error on line 7: Object Class Violation
The server side error is "An attempt was made to modify an object to include
an
attribute that is not legal for its class."
1 entry modified successfully.
An error has occurred in the program

Thanks
 
P

ptwilliams

I'm not sure you can do this. In your case you are trying to modify a value
for an OU that doesn't exist.

When I've done bulk changes like this, I've run a simple script that gets
the DN of each user within the scope of an LDAP query and writes the output
to an .ldf file in the necessary format. I've found this to be quite a
quick way of doing things.

--

Paul Williams

http://www.msresource.net/
http://forums.msresource.net/

Hi,

Is it possible to run a ldf file to modify all the user objects within an
OU?

dn: OU=Test,OU=Departments,DC=company,DC=com,DC=au
changetype: modify
replace: postOfficeBox
postOfficeBox: PO Box whatever
-

dn: OU=Test,OU=Departments,DC=company,DC=com,DC=au
changetype: modify
replace: streetAddress
streetAddress: Whatever Street
-

When I ran this ldf file it resulted with the following on screen error.
H:\My Documents>ldifde -i -f Test.ldf -s server
Connecting to "server"
Logging in as current user using SSPI
Importing directory from file "Test.ldf"
Loading entries..
Add error on line 7: Object Class Violation
The server side error is "An attempt was made to modify an object to include
an
attribute that is not legal for its class."
1 entry modified successfully.
An error has occurred in the program

Thanks
 
C

Cary Shultz [A.D. MVP]

Hello!

No, it is not possible. Well, not as you are attempting to do.

You would need to find the DN of each user account object that is located in
that OU. You would then have to modify that attribute's value for each and
every user account object in that OU.

You might want to look into ADModify for this. While I am a huge fan of
ldifde it is a bit cumbersome for things like this ( especially if you have
a ton of user account objects....sure, there are ways to make it less
cumbersome, but it can still be a bit of a chore! ). ADModify will do this
in about 8 seconds ( well, depending on how many user account objects there
are ).

Now, if you can script there should be no problem. But I guess that if you
could script then you wouldn't be asking about ldifde, right? ;-)

HTH,

Cary
 
L

lforbes

Cary Shultz A.D. M said:
Hello!

No, it is not possible. Well, not as you are attempting to
do.

You would need to find the DN of each user account object that
is located in
that OU. You would then have to modify that attribute's value
for each and
every user account object in that OU.

You might want to look into ADModify for this. While I am a
huge fan of
ldifde it is a bit cumbersome for things like this (
especially if you have
a ton of user account objects....sure, there are ways to make
it less
cumbersome, but it can still be a bit of a chore! ). ADModify
will do this
in about 8 seconds ( well, depending on how many user account
objects there
are ).

Now, if you can script there should be no problem. But I
guess that if you
could script then you wouldn't be asking about ldifde, right?
;-)

HTH,

Cary

message

Hi,

ADModify is good. I also have VBScripts. You will have to understand
and modify them though. http://www.sd61.bc.ca/windows2000

Cheers,

Lara
 
J

Joe Richards [MVP]

You could easily do this by combining adfind and admod, both available at
www.joeware.net...

For example

adfind -b OU=Test,OU=Departments,DC=company,DC=com,DC=au -f
"&(objectcategory=person)(objectclass=user)" -s one -dsq | admod
postofficebox::whatever -unsafe

That is all one line. If you want all subou's as well, remove the -s one. If you
want to make sure you did something incorrect, you can specify a safety limit
instead of saying unsafe, this will bail the whole command out if there are too
many, say -safety 100 will not do anything if more than 100 would be touched...
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top