Are you looking for a quick and easy solution to bulk modify Active Directory user attributes?
Then you are in the right place.
In this post, I’m going to show you the tool I created that will quickly modify, update or remove AD user attributes in bulk.
This is a GUI tool that updates AD user attributes from a CSV.
The best part!
Anyone can use it, it doesn’t require PowerShell knowledge or any other command line kung fu.
Let’s jump right into some examples:
Example 1: Bulk Modify Users Office Attribute
In this example, I’m going to mass update the department attribute for 100 users. If there is a value already present it will get updated.
The AD Bulk User Modify tool uses a CSV file to bulk modify Active Directory user accounts. All you need is the users sAMAccountName and the LDAP attribute you want to modify.
If you are not familiar with LDAP attributes you may want to jump to the LDAP attributes section for a quick overview. I’ve created an LDAP cheat sheet to quickly find the correct LDAP values.
Step 1: Setup the CSV File
The first column of the CSV file needs to be the sAmAccountName followed by the list of users you want to modify. The next column needs to be the attribute you want to modify followed by the value.
TIP: The Active Directory names do not always match the LDAP attribute name. This is how Microsoft designed it. This can be confusing and is why I created a cheat sheet showing the most common Active Directory names to LDAP attribute names. See the end of this post for the cheat sheet.
Looking at the cheat sheet the LDAP attribute for office is physicalDeliveryOffice.
You can see below I have my CSV file setup and ready to import. I’ll just save it to my computer and move to step 2. (You can name the file whatever you want it just needs to be a CSV file).
Step 2: Run AD Bulk User Modify Tool
Now the easy part.
Just open the AD Bulk User Modify Tool, browse and select the CSV file.
Once you have imported the CSV you will see in the logs that it has successfully imported.
Now just click the run button to process the CSV.
You will see a progress bar so you can track the progress.
Once it’s done processing the progress bar will close.
That’s all there is to it. Very easy right?
Step 3: Verify the results
This is optional but follow these steps to verify the changes.
You can open each account in ADUC to see the changes but that can be very time consuming if you updated a lot of accounts.
With PowerShell, we can quickly verify the changes and filter the results to display only the values changed.
Get-ADUser -filter * -Properties * | select name, office
I can see the test users account office attribute has been updated to the value I set in the CSV file.
Example 2: Bulk Update User Department and Job Title
In this example, I will update the department and title attribute at the same time. You can modify as many attributes at once as you wish.
Again, if a value is already set it will be overwritten.
I look at the LDAP cheat sheet and see I need attributes department and title.
Now, I’ll setup the LDAP attributes and values in the CSV.
Ready to go, now I’ll import the CSV file into the AD Bulk User Modify tool and click run
Once it’s complete I’ll run a PowerShell command to verify everything has been updated correctly.
Get-ADUser -filter * -Properties * | select department, title
I just updated 100 users department and job title with ease!
Example 3: Bulk Update User Employee ID & Employee Number
In this example, I’ll update the Employee ID & Employee Number values for my 100 test accounts.
These two values only show up in the attribute editor, the values do not show up on any of the tabs in Active Directory Users and Computers.
The LDAP attribute names are employeeID and employeeNumber.
I’ll update my CSV with the LDAP attribute name and set the values I want.
Now I’ll import and click run.
Once it has completed I’ll verify the changes with the below PowerShell command.
Get-ADUser -filter * -Properties * | select name, employeeid, employeenumber | sort name
In about a minutes worth of work, I just updated the employeeid and employeenumber on 100 accounts.
Example 4: Bulk Remove User Attributes
The first three examples I showed you how to mass update user attributes but what if you want to bulk remove user attributes?
The process is almost the same, just add the LDAP attribute to the CSV and for the value put remove.
I’ll remove the department and job title values for my 100 test accounts.
Now just import and run with the AD Bulk Modify Tool.
I’ll verify the values have been removed with the below command
Get-ADUser -filter * -Properties * | select department, title
The values have been removed.
Bonus! You can remove and update values at the same time.
Understanding the LDAP Attribute Names (LDAP Cheat Sheet)
Active Directory stores details about objects such as users into LDAP attributes. These attributes are basically a key value pair for example:
givenName = Robert
GiveName is the attribute name and Robert is the value.
This is the method Active Directory uses to store details about objects.
Here is where it gets a little confusing and is why I created the LDAP cheat sheet.
The fields names you see in Active Directory Users and computers do not always match the LDAP attribute name.
For example, in ADUC the First Name field has an LDAP attribute value of giveName
Below is a table of the most commonly used ADUC fields and the LDAP attribute mappings. I’ve grouped them based on the ADUC tabs General, Address, Profile, Telephones, and Organization.
You can use this to quickly lookup what LDAP attribute name to setup in the CSV file.
LDAP Attribute Cheat Sheet
|Name in ADUC||ADUC Tab||LDAP Attribute Name|
The AD Bulk modify tool is not limited to the table above, again those are just common fields. The AD Bulk Modify tool will update any LDAP attribute.
You can use the attribute editor on any account to find other attributes you may need to bulk update.
Screenshot of the attribute editor on an account, this lets you see all the attributes.
You can also use PowerShell to view the LDAP attributes.
Change username to the account you want to view
Get-ADUser username -Properties *
That’s a wrap!
This tool is only $19 click here to buy it now
What questions do you have?
Recommended Tool: SolarWinds Server & Application Monitor (SAM)
This utility was designed to Monitor Active Directory and other critical applications. It will quickly spot domain controller issues, prevent replication failures, track failed logon attempts and much more.
What I like best about SAM is it’s easy to use dashboard and alerting features. It also has the ability to monitor virtual machines and storage.