By SuperUser Account on Tuesday, December 18, 2007 5:09 PM
Provides a step-by-step tutorial of how to make bulk changes using the ADModify tool
This article provides a step-by-step guide to making bulk changes to users in Active Directory using the ADModify.NET tool. I’ve tried to pick examples of typical changes made by organisations. The example used covers three scenarios:
For my test environment I created a new OU and populated it with 200 users using the CSVDE sample available here.
If you don’t have it already you can download the ADModify tool from http://www.codeplex.com/admodify/Release/ProjectReleases.aspx?ReleaseId=6065. The format of the download is a zip file and once downloaded you can simply extract the files to a folder, e.g. C:\Program Files\ADModify\.
To launch the application double-click ADModify.exe and select Modify Attributes.
On the main window in the Domain List use the drop down menu to pick the Distinguished Name of your domain, e.g. DC=North,DC=com.
In the Domain Controller List use the drop down menu to pick a DC, e.g. DCN1.north.com. I would recommend you avoid the DC that holds the PDC Emulator role as this tends to be heavily used.
We are only interested in User objects, so uncheck everything under Show Only except for Users.
In the Domain Tree List select Show Containers Only. This will speed up your selection.
Click the green arrow button and the domain tree should appear in the left hand pane. Browse through the tree to find the OU or container in which your users are located. Click Add To List> and the users should appear in the right-hand pane, as shown in the screenshot below.
Click Select All and Next>>. This will bring up the user properties pages, similar to the ones you see in Active Directory Users and Computers (DSA.MSC).
Changing the Display Name format
The Display Name is the name that appears in the Exchange Address Lists and is the one visible to Outlook clients when they browse the Address Book. In this example we want to change the Display Name format from FirstName LastName format to LastName, Firstname.
On the General tab, select Display Name and then click on LastName, FirstName (blue text). Do not click Go yet as we have other changes to make (see next section).
Adding a new secondary SMTP address
Probably the best way to add new seconday SMTP addresses is to use Exchange Recipient Policies. However, sometimes you just want to assign a new SMTP address to everyone within a particular OU. Because Exchange Recipient Policies are (in Exchange 2000 and 2003 at least) based on LDAP queries, you can’t select users within an OU as part of an LDAP query. ADModify allows you do this, which provides a nice workaround to the Recipient Policies limitation.
In this scenario we are going to add a new secondary SMTP address of FirstName.LastName@west.com. ADModify uses LDAP attributes as the values it works with, so the syntax required is %’givenName’%.%’sn’%@west.com.
Select the E-mail Addresses tab and then select Add SMTP Address:. Replace the default text %'mailNickName'%@ with the address you require, e.g. %’givenName’%.%’sn’%@west.co. Ensure Set as Primary is unchecked. Do not click Go yet as we have other changes to make (see next section).
Adding to group membership
A common requirement is to add a number of users as members of a group. Surprisingly, there is no easy way to do this using the native toolset. ADModify offers a quick and easy alternative to scripting and/or LDIFDE.
In this example we are going to add all of the users within our EMEA OU to the group named EMEA.
Select the Member Of tab and then select Add to Group:. Type the Distinguished Name of the group to which you want to add the users. If you need to find the Distinguished Name probably the easiest method is to use ADSIEdit to find the group and copy the distinguishedName attribute.
You can check whether the DN you enter is correct by clicking the Validate DN button.
Upon completion ADModify you will see a confirmation pop-up similar to the one below. Note that the UI closes immediately after completion (not a nice feature I don’t think) and you will need to restart if you need to make any further changes
You should then confirm the results independently by looking the XML output file as well as the transformed objects, using, e.g. Active Directory Users and Computers.
The screenshots below show examples of the successful changes on one of the user objects in the OU.
In the example used I’ve only really scratched the surface of capabilities of tool. In addition to the different properties tabs available in the UI, the tool offers features such as:
Reversal of changes made using ADModify.exe.
Command line version of the tool: ADModcmd.exe.
Export and import of mailbox rights. Note that this requires that you run ADModify on a computer with the Exchange System Management Tools installed.
In my experience ADModify doesn’t offer a complete replacement for the standard Microsoft toolset; nor does it offer the flexibility of ADSI scripting. Where it really excels is in providing a quick and easy method of making bulk changes to user objects.