In this guide, I’ll show you how to use the AD Bulk updater tool to bulk reset user passwords in Active Directory.
The bulk user updater uses a CSV file to make bulk changes to user accounts. You could use the same password (not recommended) or provide a different password for each user.
You will need the username of each account that you want to reset. You could easily get a list using PowerShell or use the user export tool that is included with the bulk updater. With the export tool, you can quickly export all domain users, export from an OU or a group.
Let’s get started.
Step 1: CSV File Setup
Open the user bulk updater tool and click the Download CSV template button.
Now add the accounts to Column A and the password to Column B.
For this demo, I’m going to reset the password for all the users in my Accounting OU (51 user accounts). Here is a screenshot of my CSV file.
If you want to enable user must change password at next logon add a pwdLastSet column to the CSV and set it to 0.
I used an online tool to generate a bunch of random passwords. That is it for setting up the CSV. Easy stuff! Move to step 2.
Step 2: Run the Bulk updater tool
Open the tool then select your CSV template and click Run.
When the update is complete you can check the logs on the same screen for any errors.
Success! I just updated the password for 51 users and it was super fast.
In addition to managing user accounts the toolkit includes a bunch of user and computer reports. You can get user password expiration dates, users with expired passwords, bad password attempts, and so on. Check out the full list of included Active Directory Reports.
Bulk Password Reset Best Practices
There should be specific use cases for doing a bulk password reset. In my experience, this is not a common task. Here are a few best practices and use cases for doing a bulk password reset.
- Set a different password for each user. It is a huge security risk if every users has the same password (triple the security risk if you email the password to the users)
- Make sure your supervisor and the helpdesk know your doing a bulk password reset.
- Account compromised – If it was a single account that was compromised then a reset probably is not needed. If you know of multiple accounts that fell victim to a phishing email or some credential stealing virus then yes a bulk reset is needed.
- New account setup – Maybe something went wrong during the new account setup or you forgot what password you set.
- Do not set passwords to never expire
- Set a long password (12+ characters)
In this guide, I showed you how to use the bulk update tool to reset the password for multiple users. The bulk update tool comes with a CSV template that allows you to bulk update user account properties. In addition to resetting passwords, you can update users’ display name, email addresses, company, department, address, and more.