hidden hit counter
Help!

Importing users with CSVDE when password policy is set

 
Post new topic   General Reply to Topic (not reply to a specific post)    Forums Home -> Active Directory RSS
Next:  Windows Network Deployment In Second Location  
Author Message
MPAI CITS
External


Since: Oct 05, 2006
Posts: 1



PostPosted: Thu Oct 05, 2006 9:51 am    Post subject: Importing users with CSVDE when password policy is set
Archived from groups: microsoft>public>win2000>active_directory (more info?)

Good day,

I have a Windows 2000 Domain and I’m trying to Import a list of new users
using the CSVDE tool. (NOTE: We did not export from a previous directory.
These are brand new users)

I have all the following attributes entered with their related values in a
CSV file:
DN,displayName,objectClass,SAMAccountName,userAccountControl,department,facsimileTelephoneNumber,mobile,physicalDeliveryOfficeName,telephoneNumber,title,streetAddress,l,company,co

I have Password Policies set using my Domain Security Policy.

I removed the policy by setting the various properties to “Undefined” and
replicated my domain controllers however when I try importing the accounts I
still get the following message:

Connecting to "(null)"
Logging in as current user using SSPI
Importing directory from file "HR_ADImport3.csv"
Loading entries.
Add error on line 2: Unwilling To Perform
The server side error is "Unable to update the password. The value provided
for
the new password does not meet the length, complexity, or history
requirement of
the domain."
0 entries modified successfully.
An error has occurred in the program

I saw an article http://support.microsoft.com/kb/555634/en-us which stated
“LDIFDE doesn’t support importing Passwords. To change user’s password you
need to convert from Plain Text to Base64 character. We can use a utility to
convert from Plain Text to Base64.”

How can I go about either importing the accounts with a default password or
removing my password policy (although I though I already did)

Looking forward to your assistance.

--
Regards,

- MPAI CITS
Back to top
Joe Richards MVP
External


Since: Dec 30, 2003
Posts: 936



PostPosted: Thu Oct 05, 2006 9:36 pm    Post subject: Re: Importing users with CSVDE when password policy is set [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)

Undefined doesn't unset the policy, it leaves whatever is currently in
place. Your problem is with setting UAC. If you have a password length
policy other than 0 and you set UAC a password must be specified and I
don't believe csvde will allow you to do that.


You may want to look at my admod, it will do CSV imports as well.

You would use a command something like

admod -csv -add -import -unsafe < csvfilename

The -unsafe is to tell it to add as many as are in the file. It is a
safety mechanism and will bomb out if more than 10 records by default,
you can also use -safety xx and specify a specific number that it could
allow or use -upto xx which means it will process lines up to the
specified value.

Oh ADMOD will allow you to specify the password too...

joe

--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net


---O'Reilly Active Directory Third Edition now available---

http://www.joeware.net/win/ad3e.htm


MPAI CITS wrote:
> Good day,
>
> I have a Windows 2000 Domain and I'm trying to Import a list of new users
> using the CSVDE tool. (NOTE: We did not export from a previous directory.
> These are brand new users)
>
> I have all the following attributes entered with their related values in a
> CSV file:
> DN,displayName,objectClass,SAMAccountName,userAccountControl,department,facsimileTelephoneNumber,mobile,physicalDeliveryOfficeName,telephoneNumber,title,streetAddress,l,company,co
>
> I have Password Policies set using my Domain Security Policy.
>
> I removed the policy by setting the various properties to "Undefined" and
> replicated my domain controllers however when I try importing the accounts I
> still get the following message:
>
> Connecting to "(null)"
> Logging in as current user using SSPI
> Importing directory from file "HR_ADImport3.csv"
> Loading entries.
> Add error on line 2: Unwilling To Perform
> The server side error is "Unable to update the password. The value provided
> for
> the new password does not meet the length, complexity, or history
> requirement of
> the domain."
> 0 entries modified successfully.
> An error has occurred in the program
>
> I saw an article http://support.microsoft.com/kb/555634/en-us which stated
> "LDIFDE doesn't support importing Passwords. To change user's password you
> need to convert from Plain Text to Base64 character. We can use a utility to
> convert from Plain Text to Base64."
>
> How can I go about either importing the accounts with a default password or
> removing my password policy (although I though I already did)
>
> Looking forward to your assistance.
>
Back to top
Brandon McCombs
External


Since: Sep 26, 2005
Posts: 84



PostPosted: Mon Oct 09, 2006 5:13 am    Post subject: Re: Importing users with CSVDE when password policy is set [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)

MPAI CITS wrote:
> Good day,
>
> I have a Windows 2000 Domain and I'm trying to Import a list of new users
> using the CSVDE tool. (NOTE: We did not export from a previous directory.
> These are brand new users)
>
> I have all the following attributes entered with their related values in a
> CSV file:
> DN,displayName,objectClass,SAMAccountName,userAccountControl,department,facsimileTelephoneNumber,mobile,physicalDeliveryOfficeName,telephoneNumber,title,streetAddress,l,company,co
>
> I have Password Policies set using my Domain Security Policy.
>
> I removed the policy by setting the various properties to "Undefined" and
> replicated my domain controllers however when I try importing the accounts I
> still get the following message:
>
> Connecting to "(null)"
> Logging in as current user using SSPI
> Importing directory from file "HR_ADImport3.csv"
> Loading entries.
> Add error on line 2: Unwilling To Perform
> The server side error is "Unable to update the password. The value provided
> for
> the new password does not meet the length, complexity, or history
> requirement of
> the domain."
> 0 entries modified successfully.
> An error has occurred in the program
>
> I saw an article http://support.microsoft.com/kb/555634/en-us which stated
> "LDIFDE doesn't support importing Passwords. To change user's password you
> need to convert from Plain Text to Base64 character. We can use a utility to
> convert from Plain Text to Base64."
>
> How can I go about either importing the accounts with a default password or
> removing my password policy (although I though I already did)
>
> Looking forward to your assistance.
>


I got around this problem by turning off (or maybe I weakened the
password controls; it's been almost 2 years so I forget exactly) the
password controls and then in the csv file I specified a
userAccountControl value that made the accounts disabled by default
whenever they were created and I didn't specify a password either since
csvde doesn't support a password field. After the accounts were created
I went through and enabled all of them and executed a separate script
that we had created to set random passwords for each account. Then we
turned the password policy back to what it should be for operations.
Back to top
Display posts from previous:   
Post new topic   General Reply to Topic (not reply to a specific post)    Forums Home -> Active Directory All times are: Eastern Time (US & Canada)
Page 1 of 1

 
You can post new topics in this forum
You can reply to topics in this forum
You can edit your posts in this forum
You can delete your posts in this forum
You can vote in polls in this forum