Your company security policy requires complex passwords.
You have a comma delimited file named import.csv that contains user account information.
You need to create user account in the domain by using the import.csv file.
You also need to ensure that the new user accounts are set to use default passwords and
are disabled.
What should you do?
A.
Modify the userAccountControl attribute to disabled. Run the csvde i k f import.csv
command. Run the DSMOD utility to set default passwords for the user accounts.
B.
Modify the userAccountControl attribute to accounts disabled. Run the csvde -f import.csv
command. Run the DSMOD utility to set default passwords for the user accounts.
C.
Modify the userAccountControl attribute to disabled. Run the wscript import.csv
command. Run the DSADD utility to set default passwords for the imported user accounts.
D.
Modify the userAccountControl attribute to disabled. Run ldifde -i -f import.csv command.
Run the DSADD utility to set passwords for the imported user accounts.
Explanation:
Personal note:
The correct command should be:
csvde – i -k -f import.csv
http://support.microsoft.com/kb/305144
How to use the UserAccountControl flags to manipulate user account properties
When you open the properties for a user account, click the Account tab, and then either
select or clear the check boxes in the Account options dialog box, numerical values areassigned to the UserAccountControl attribute. The value that is assigned to the attribute tells
Windows which options have been enabled.
You can view and edit these attributes by using either the Ldp.exe tool or the Adsiedit.msc
snap-in.
The following table lists possible flags that you can assign. You cannot set some of the
values on a user or computer object because these values can be set or reset only by the
directory service. Note that Ldp.exe shows the values in hexadecimal. Adsiedit.msc displays
the values in decimal. The flags are cumulative. To disable a user’s account, set the
UserAccountControl attribute to 0x0202 (0x002 + 0x0200). In decimal, this is 514 (2 + 512).
http://technet.microsoft.com/en-us/library/cc732101%28v=ws.10%29.aspx
Csvde
Imports and exports data from Active Directory Domain Services (AD DS) using files that
store data in the comma-separated value (CSV) format. You can also support batch
operations based on the CSV file format standard.
Syntax:
Csvde [-i] [-f <FileName>] [-s <ServerName>] [-c <String1> <String2>] [-v] [-j <Path>] [-t
<PortNumber>] [-d
<BaseDN>] [-r <LDAPFilter>] [-p <Scope] [-l <LDAPAttributeList>] [-o <LDAPAttributeList>]
[-g] [-m] [-n] [-k] [-a
<UserDistinguishedName> {<Password> | *}] [-b <UserName> <Domain> {<Password> | *}]
Parameters
-i
Specifies import mode. If not specified, the default mode is export.
-f <FileName> Identifies the import or export file name.
-k
Ignores errors during an import operation and continues processing.
http://technet.microsoft.com/en-us/library/cc732954%28v=ws.10%29.aspx
Dsmod user Modifies attributes of one or more existing users in the directory.
Syntax:
dsmod user <UserDN> … [-upn <UPN>] [-fn <FirstName>] [-mi <Initial>] [-ln <LastName>] [-
display<DisplayName>] [-empid <EmployeeID>] [-pwd (<Password> | *)] [-desc
<Description>] [-office <Office>] [-tel
<PhoneNumber>] [-email <E-mailAddress>] [-hometel <HomePhoneNumber>] [-pager
<PagerNumber>] [-mobile <CellPhoneNumber>] [-fax <FaxNumber>] [-iptel
<IPPhoneNumber>] [-webpg <WebPage>] [-title
<Title>] [-dept <Department>] [-company <Company>] [-mgr <Manager>] [-hmdir
<HomeDirectory>] [-hmdrv
<DriveLetter>:] [-profile <ProfilePath>] [-loscr <ScriptPath>] [-mustchpwd {yes | no}] [-
canchpwd {yes | no}] [-reversiblepwd {yes | no}] [-pwdneverexpires {yes | no}] [-acctexpires
<NumberOfDays>] [-disabled {yes | no}] [{-s <Server> | -d <Domain>}] [-u <UserName>] [-p
{<Password> | *}][-c] [-q] [{-uc | -uco | -uci}]
Parameters
<UserDN>Required. Specifies the distinguished names of the users that you want to modify.
If values are omitted, they are obtained through standard input (stdin) to support piping of
output from another command to input of this command.
..
-pwd {<Password> | *}
Resets the passwords for the users that you want to modify as Password or an asterisk (*). If
you type *, AD
DS prompts you for a user password.