Previous Topic: Command File Format - UsersNext Topic: Set the Default Group

Format Notes

When creating records in a command file, note the following:


A user’s email address. This can be any format, for example:


EX: /o=unipraxis/ou=uk/cn=spencer/cn=rimmel

Domino: cn=spencer rimmel/o=unipraxis

A command file can include multiple instances of this command for each user.

<attribute value>

This is the actual number or text associated with the current attribute. For example, the value for an employee ID attribute might be rimspe01. Enclose the text in double quotes if it includes spaces.


These correspond to the CA Data Protection attributes listed in the User Properties dialog. So attribute1 updates the value for the first attribute listed; attribute2 updates the value for the second listed attribute, and so on.

If you omit any numbered attributes from the CSV file, the corresponding attribute values remain unchanged for the CA Data Protection user.

You can also reference an attribute using the following syntax:

attribute:<attribute name>
attribute <attribute name>

Note: A single space character is used to separate the 'attribute' keyword from the attribute name.

<current group>

This is the path of the group you want to move. The path is delimited by forward slashes and is relative to the current user’s management group.

<full user name>

The display name that appears in the Summary tab. Enclose the name in double quotes if it includes spaces, for example, "Lynda Steel".

<group name>

This is the name of the new group. No path is needed, for example, Marketing.

<management group>

This a management group assigned to the specified user. Users can have multiple management groups. The path is delimited by forward slashes and is relative to the management group of the administrator running Account Import.

Note: The group must already exist. You cannot assign management groups that fall outside of your own management group.

<parent group>

This is the path of the group into which you want to add or move a user or another group. The path is delimited by forward slashes and is relative to the current user’s management group. See the example group paths and group name requirements in the following sections.

Important! You need to be aware that moving groups can cause security issues and unintended changes to policy—see the Administration console online help; search for ‘groups, move users between groups’.


The new password assigned to the specified user.


This is the role assigned to the CA Data Protection user. You can specify the role name or number. The default roles are:

Administrator or 1

Manager or 2

User or 3

"Policy Administrator" or 4

Reviewer or 5

UserRole1 or 6

UserRole2 or 7

Role names are not case-sensitive, but you do need to enclose the role in double quotes if the role name contains spaces.

Also, the administrative privileges granted to each imported user comprise only those privileges common to both the specified role and the user running the wizard. In effect, the user running the wizard can only grant privileges which they hold themselves:

Account Import administrative privileges

1 The default administrative privileges assigned to a role.

2 Privileges granted to the imported user.

3 Privileges currently granted to the user running the wizard.

<user name>

The name used by the CA Data Protection user account.

If your CMS uses Microsoft Windows user authentication to automatically generate new user accounts, this user name must be prefixed with the domain and a backslash separator, for example, unipraxis\srimmel.

More information:

Group and User Name Requirements