I received many requests to expand on one of my articles, Watch for these AD Custom Attributes. In that article I listed the four steps that one can take to address the scenario described. These four steps are:
1- Export the custom attribute DepartmentNumber data to a file
2- Rename departmentNumber attribute to something like customerDepartmentNumber
3- Run AD forestPrep
4- Import the information back to the DepartmentNumber attribute
In the previous article I included detailed instructions for carrying out the second step. In this article I will include details on what I did to address the first and fourth steps.
There are several ways to export the custom attribute DepartmentNumber data; the easiest is to use the following LDIFDE command:
ldifde -f DeptNumberData.ldf -s DCname -d "DomainName" -p subtree -r "(&(objectCategory=person)(objectClass=User)(sAMAccountName=*))" -l departmentNumber
Where DCname is the name of the domain controller on which to carry out the operation and DomainName is the name of your domain, such as DC=xyz,DC=com. The above LDIFDE command will create a file called DeptNumberData.ldf that contains all users with the DepartmentNumber data. The file will look something like:
dn: CN=MyCN1,OU=TESTOU,DC=XYZ,DC=com
changetype: add
departmentNumber: 07

dn: CN=MyCN2,OU=TESTOU,DC=XYZ,DC=com
changetype: add
departmentNumber: 19

Once you have exported all the data, you can use the LDIFDE script included in Part 1 to rename the departmentNumber attribute to CustomerDepartmentNumber. Your ADPrep procedure should now work without any errors. ADPrep will create a new attribute called DepartmentNumber. Once that step is complete, you need to import your data back into departmentNumber.
There are many ways you can do that. What I did was to use the DeptNumberData.ldf file created in step one to populate departmentNumber back with the right data. Before you can do that you need to massage the information within the file to look like:
dn: CN=MyCN1,OU=TESTOU,DC=XYZ,DC=com
changetype: modify
replace: departmentNumber
departmentNumber: 07
-

dn: CN=MyCN2,OU=TESTOU,DC=XYZ,DC=com
changetype: modify
replace: departmentNumber
departmentNumber: 19
-

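One way to do the "massaging" step with a script, as an added example that is not the author's own method: it rewrites each exported record into the modify/replace form shown above. It goes beyond the two-record sample by joining folded LDIF lines, keeping multiple values, and skipping users that had no departmentNumber; the function name export_to_modify and the sample data are assumptions made for the example.

```python
import re

ATTR = "departmentNumber"

# Constructed sample in the shape of the export shown above; the second user
# has no value and the third has a folded DN and two values.
SAMPLE = """\
dn: CN=MyCN1,OU=TESTOU,DC=XYZ,DC=com
changetype: add
departmentNumber: 07

dn: CN=MyCN2,OU=TESTOU,DC=XYZ,DC=com
changetype: add

dn: CN=A user with a very long common name,OU=TESTOU,
 DC=XYZ,DC=com
changetype: add
departmentNumber: 19
departmentNumber: 23
"""

def export_to_modify(export_text, attr=ATTR):
    """Rewrite exported 'changetype: add' records as modify/replace records."""
    # LDIF folds long lines: a line starting with one space continues the previous one.
    text = re.sub(r"\r?\n ", "", export_text).strip()
    out = []
    for record in re.split(r"(?:\r?\n){2,}", text):   # blank line = record separator
        dn_line, values = None, []
        for line in record.splitlines():
            name = line.split(":", 1)[0].strip().lower()
            if name == "dn":
                dn_line = line        # kept verbatim, including a base64 "dn::" form
            elif name == attr.lower():
                values.append(line)   # every value, plain ":" or base64 "::"
        # Skip users that had no value: there is nothing to restore for them.
        if dn_line is None or not values:
            continue
        out.append("\n".join([dn_line, "changetype: modify",
                              f"replace: {attr}", *values, "-"]))
    return "\n\n".join(out) + "\n" if out else ""

if __name__ == "__main__":
    print(export_to_modify(SAMPLE), end="")
```

Compare the number of records written with the number of users that had a value in the export before importing the result.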
Once you modify the file you can import it back to AD using the following LDIFDE command:
ldifde -i -f ModifyUsers.ldf
Where ModifyUsers.ldf is the name of the new file created after massaging the original file.
Hope that helps
Issam Andoni