CSVDE is a command-line utility for importing and exporting Active Directory objects from and to CSV text files (comma separated values) and Excel files. When you need to create, export, or transfer hundreds of AD users, the csvde utility is simply indispensable. When Windows Server is promoted to a domain controller and the Active Directory Domain Services (AD DS) or Active Directory Lightweight Directory Services (AD LDS) roles are deployed, the csvde tool is automatically installed. Remote Server Administration Tools can be used to set up the tool (RSAT).
Simply enter this command in the command prompt to access all of the csvde utility’s parameters and syntax:
CSV Directory Exchange
General Parameters
==================
-i Turn on Import Mode (The default is Export)
-f filename Input or Output filename
-s servername The server to bind to (Default to DC of computer’s domain)
-v Turn on Verbose Mode
-c FromDN ToDN Replace occurences of FromDN to ToDN
-j path Log File Location
-t port Port Number (default = 389)
-u Use Unicode format
-h Enable SASL layer signing and encryption
-? Help
Export Specific
===============
-d RootDN The root of the LDAP search (Default to Naming Context)
-r Filter LDAP search filter (Default to “(objectClass=*)”)
-p SearchScope Search Scope (Base/OneLevel/Subtree)
-l list List of attributes (comma separated) to look for in an
LDAP search
-o list List of attributes (comma separated) to omit from input.
-g Disable Paged Search.
-m Enable the SAM logic on export.
-n Do not export binary values
Import
======
-k The import will go on ignoring ‘Constraint Violation’ and
‘Object Already Exists’ errors
Credentials Establishment
=========================
Note that if no credentials is specified, CSVDE will bind as the currently
logged on user, using SSPI.
-a UserDN [Password | *] Simple authentication
-b UserName Domain [Password | *] SSPI bind method
Example: Simple import of current domain
csvde -i -f INPUT.CSV
Example: Simple export of current domain
csvde -f OUTPUT.CSV
Example: Export of specific domain with credentials
csvde -m -f OUTPUT.CSV
-b USERNAME DOMAINNAME *
-s SERVERNAME
-d “cn=users,DC=DOMAINNAME,DC=Microsoft,DC=Com”
-r “(objectClass=user)”
No log files were written. In order to generate a log file, please
specify the log file path via the -j option.
Let’s have a look at a few instances of how to use the CSVDE tool.
The following command will export all objects from the selected AD Organizational Unit, including all attributes:
csvde -f C:\PS\all_users.csv -d "ou=Users,OU=Paris,dc=solutionviews,dc=com" –uConnecting to “(null)”
Logging in as current user using SSPI
Exporting directory to file C:\PS\all_users.csv
Searching for entries…
Writing out entries
Export Completed. Post-processing in progress…
343 entries exported
The command has completed successfully
To export only user accounts, use the following filter with the –r parameter. Using the –l parameter, you can specify which user attributes should be exported to the csv file.
csvde -f C:\PS\all_users.csv -d "ou=Users,OU=Paris,dc=solutionviews,dc=com" -r "(&(objectcategory=person)(objectclass=user))" -l userPrincipalName,DN,objectClass,description,department,title,telefonNumber
In order to export all users with a specific name, use the filter:
-r (& (objectClass = User) (sn = Jackson))You can export this file to Excel and use it as a template for importing users into Active Directory. Create users.csv file with the following values:
objectClass sAMAccountName DN
user m.decker CN=Moritz Decker,OU=Users,OU=Munich,OU=DE,DC=solutionviews,DC=com
user m.decker1 CN=Moritz Decker1,OU=Users,OU=Munich,OU=DE,DC=solutionviews,DC=com
To bulk create users in AD, run the command:
Csvde -i -f C:\ps\new_users.csv –kConnecting to “(null)”
Logging in as current user using SSPI
Importing directory from file “C:\ps\new_users.csv”
Loading entries…….
6 entries modified successfully
The csvde created 6 new users in Active Directory.
Start the Active Directory Users and Computers (ADUC) snap-in and verify that there are new users in AD.
All user accounts are disabled. You can enable them manually or using the following PowerShell one-liner:
Get-ADUser -Filter 'Name -like "*"' -SearchBase "OU=Users,OU=Munich,OU=DE,DC=solutionviews,DC=com" | Enable-ADAccountThe csvde tool can be used to migrate users from on-premises Active Directory to the Azure or AWS cloud using CSV text files.
The following are the primary disadvantages of csvde:
- Existing Active Directory objects cannot be edited, updated, or removed;
- You can only create new items when importing;
- User passwords cannot be changed or exported.
- SSL-encrypted connections to LDAP are not supported.
