问题描述
我有两个域。其中生产。一个测试。还有就是两者之间没有信任。
I have two domains. One production. One testing. There is no trust between the two.
我可以导入所有用户对象和组对象成功地使用LDIFDE命令。当我尝试还包括组成员在我的导出/导入我似乎无法成功导入。
I can import all user objects and group objects successfully using ldifde commands. When I attempt to also include group members in my export/import I can't seem to successfully import.
下面是我曾尝试变化:
尝试1:
file format:
dn: CN=Group-name,OU=Groups,OU=Managed,DC=dev,DC=net
changetype: add
member: CN=USER1,OU=Users,OU=Managed,DC=dev,DC=net
member: CN=USER2,OU=Users,OU=Managed,DC=dev,DC=net
ldifde command used:
ldifde -i -k -f groupexp12072012-test.ldf -v
output:
Connecting to "DC"
Logging in as current user using SSPI
Importing directory from file "groupexp12072012-test.ldf"
Loading entries
1: CN=Group-name,OU=Groups,OU=Managed,DC=dev,DC=net
Add error on line 1: Object Class Violation
The server side error is "The object class attribute must be specified."
0 entries modified successfully.
An error has occurred in the program
No log files were written. In order to generate a log file, please
specify the log file path via the -j option.
尝试2:添加在正确的对象类,以我的LDIFDE导入文件:
Attempt 2:Added in the correct objectClass to my ldifde import file:
file format:
dn: CN=Group-name,OU=Groups,OU=Managed,DC=dev,DC=net
changetype: add
objectClass: top
objectClass: group
member: CN=USER1,OU=Users,OU=Managed,DC=dev,DC=net
member: CN=USER2,OU=Users,OU=Managed,DC=dev,DC=net
ldifde command used:
ldifde -i -k -f groupexp12072012-test.ldf -v
output:
Connecting to "DC"
Logging in as current user using SSPI
Importing directory from file "groupexp12072012-test.ldf"
Loading entries
1: CN=Group-name,OU=Groups,OU=Managed,DC=dev,DC=net
Entry already exists, entry skipped
0 entries modified successfully.
The command has completed successfully
尝试3:删除现有的组对象,并使用相同的命令格式为尝试2:
Attempt 3:Deleted the existing group object and used the same command and format as "Attempt 2":
Connecting to "DC"
Logging in as current user using SSPI
Importing directory from file "groupexp12072012-test.ldf"
Loading entries
1: CN=Group-name,OU=Groups,OU=Managed,DC=dev,DC=net
Object does not exist, entry skipped
0 entries modified successfully.
所以,我坚持。显然,LDIFDE可以用来导入组成员 - 全体同仁说,它从来没有工作,但我无意中发现的说,否则MS物品;http://social.technet.microsoft.com/Forums/nl/winserverDS/thread/089a3f3b-617f-4c66-a3fc-be543d97a612
So I'm stuck. Apparently 'ldifde' can be used to import group members - all my colleagues say it has never worked but I stumble upon MS articles that say otherwise;http://social.technet.microsoft.com/Forums/nl/winserverDS/thread/089a3f3b-617f-4c66-a3fc-be543d97a612
然后,我栽倒在5 LDIFDE不支持更改组成员,您可以使用CSVDE或ADDUSERS.exe或DStools的Windows 2003版本。这里: http://support.microsoft.com/kb/555634
Then I stumble on "5. LDIFDE doesn’t support changing Group Membership. You can use CSVDE or ADDUSERS.exe or DStools for Windows 2003 Editions." here:http://support.microsoft.com/kb/555634
我是要疯了没有理由 - 我会永远成功使用LDIFDE
Am I going crazy for no reason - will I ever succeed using 'ldifde'?
编辑:是,我快要疯了没有任何理由。我的一个目标用户实际上是在一个不同的OU,我指定为LDIFDE。正因为如此,LDIFDE就干脆放弃,不添加任何成员到组。
edit: Yes, I was going crazy for no reason. One of my targeted users was actually in a different OU I was specifying for 'ldifde'. Because of this, 'ldifde' would just give up and not add any members to the group.
推荐答案
下面是一种将用户添加到现有组( LDIFDE -i -k -f AddGrpMember.ldf -v ):
Here is a way to add users to an existing group (ldifde -i -k -f AddGrpMember.ldf -v):
dn: CN=MonGrpSec,OU=MonOu,DC=dom,DC=fr
changeType: Modify
add: member
member: CN=jblanc,OU=MonOu,DC=dom,DC=fr
member: CN=Jean Paul Blanc,OU=MonOu,DC=dom,DC=fr
-
下面是一种方法来创建一个新的组成员( LDIFDE -i -k -f NewGrpWithMember.ldf -v ):
Here is a way to create a new group with members (ldifde -i -k -f NewGrpWithMember.ldf -v):
dn: CN=NewGrpSec,OU=MonOu,DC=dom,DC=fr
changeType: Add
objectClass: top
objectClass: group
CN: NewGrpSec
member: CN=jblanc,OU=MonOu,DC=dom,DC=fr
member: CN=Jean Paul Blanc,OU=MonOu,DC=dom,DC=fr
这篇关于如何导入使用“LDIFDE”一个团体的成员?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!