AD Pro Toolkit User Guide
- Getting Started
- User Management
- Group Management
- Security Tools
- AD Reports
- Other Tools
- Troubleshooting
- Firewall Settings
- Audit Log Settings
Bulk Reset Password Active Directory
In this guide, you will learn how to bulk reset passwords in Active Directory using the AD pro Toolkit.
This method uses a CSV file with a list of user accounts and a password to change for each user. You could use the same password (not recommended) or provide a different password for each user.
You will need the username of each account that you want to reset. You could easily get a list using PowerShell or use the AD user export tool that is included with the bulk updater. With the export tool, you can quickly export all domain users, export from an OU or a group.
How to Reset Multiple Users Password in Active Directory
Step 1. Create a CSV file with a list of user accounts and a password column. (see example screen shot below).
- You can identify user accounts with SamAccountName, EmployeeID, EmployeeNumber or UserPrincipalName
- To force password change at next logon add the pwdLastSet column and set the value to 0.
Step 2. Open the AD pro Toolkit and select Bulk User Modification Tool
Step 3. Select your CSV file and click run.
CSV Example.
The Bulk user modification tool is located under User Management.
Success! I just updated the password for 19 users and it was super fast.
Video Demo
Below is a video demonstration of resetting passwords for multiple AD users.
Reset Password for All Users in an OU
In this example, I’ll show you how to reset the password for all users in an OU.
Step 1. Click on Export users and export the accounts from the OU.
Click browse, select the OU and click run.
Click export and select export to CSV.
Step 2. Modify the CSV File
- Remove all columns except sAMAccountName
- Add password column
- Optionally add a pwdLastSet column to force password change at next logon.
Step 3. Select CSV File and click run.
Bulk Password Reset Best Practices
There should be specific use cases for doing a bulk password reset. In my experience, this is not a common task. Here are a few best practices and use cases for doing a bulk password reset.
- Set a different password for each user. It is a huge security risk if every users has the same password (triple the security risk if you email the password to the users)
- Make sure your supervisor and the helpdesk know your doing a bulk password reset.
- Account compromised – If it was a single account that was compromised then a reset probably is not needed. If you know of multiple accounts that fell victim to a phishing email or some credential stealing virus then yes a bulk reset is needed.
- New account setup – Maybe something went wrong during the new account setup or you forgot what password you set.
- Do not set passwords to never expire
- Set a long password (12+ characters)
- Require users to change password at next logon.
Password Reports
In addition to managing user accounts the toolkit includes a bunch of user and computer reports. You can get user password expiration dates, users with expired passwords, bad password attempts, and so on. Check out the full list of included Active Directory Reports.
Summary
In this guide, I showed you how to use the bulk update tool to reset the password for multiple users. The bulk update tool comes with a CSV template that allows you to bulk update user account properties. In addition to resetting passwords, you can update users’ display name, email addresses, company, department, address, and more.