Appendix E Cisco Secure ACS Command-Line Database Utility
User and AAA Client Import Option
Cisco Secure ACS 3.0 for Windows 2000/NT Servers User Guide
78-13751-01, Version 3.0
ONLINE or OFFLINE StatementCSUtil.exe requires an ONLINE or OFFLINE token in an import text file. The file
must begin with a line that contains only a ONLINE or OFFLINE token. The
ONLINE and OFFLINE tokens are described in Tab le E-1.
ADD StatementsADD statements are optional. Only the ADD token and its value are required to
add a user to Cisco Secure ACS. The valid tokens for ADD statements are listed
in TableE-2 on page E-17.
Note CSUtil.exe provides no means to specify a particular instance of an external
user database type. If a user is to be authenticated by an external user database
and Cisco Secure ACS has multiple instances of the specified database type,
CSUtil.exe assigns the user to the first instance of that database type. For
example, if Cisco Secure ACS has two LDAP external user databases
configured, CSUtil.exe creates the user record and assigns the user to the
LDAP database that was added to Cisco Secure ACS first.
TableE-1 ONLINE/OFFLINE Statement Tokens
Token Required Value
Required Description
OFFLINE must be
—The CSAuth service remains active while CSUtil.exe
imports the text file. CSUtil.exe performance is slower
when run in this mode, but CiscoSecure ACS continues to
authenticate users during the import.
OFFLINE must be
—The CSAuth service is stopped while CSUtil.exe imports
the text file. Although CSUtil.exe performance is fastest in
this mode, no users are authenticated during the import.
If you need to import a large amount of user information
quickly, consider using the OFFLINE token. While
performing an import in the OFFLINE mode stops
authentication during the import, the import is much faster.
For example, importing 100,000 users in the OFFLINE
mode takes less than one minute.