Tip

Perform bulk Active Directory changes with ADModify

Nick Cavalancia, Contributor
Many administrators find themselves with the need to make modifications to multiple users at once using the same values. While Windows 2003 does have limited ability to modify multiple objects, it still lacks granularity and flexibility. For example, you can select and modify multiple users, groups or computers within Active Directory Users & Computers. Enter Microsoft's ADModify version 2.0. This tool, whose current version is referred to as ADModify.NET, gives administrators the ability to mass-manipulate just about every property within user, group, contact and public folder objects.

To make the case for ADModify, let me use a simple comparison of ADModify versus Active Directory Users & Computers (ADU&C) in a Windows Server 2003 Domain. Let's suppose we want to modify 100 users in one motion. With ADU&C, you would only be given 5 tabs from which to choose and a total of around 40 properties to manipulate. Groups are far worse; only a single property (the Description field) is available. If you were to use ADModify to modify those same 100 users, you would be given 17 tabs (including 3 Exchange 2000/2003-related tabs) and over 110 properties to modify! You can modify nearly every property found on the following property tabs:

General, Address, Account, Profile, Telephones, Organization, E-Mail Addresses, Remote Control, Member Of, Dial In, Exchange General, Exchange Features, Mailbox Rights, Environment Sessions, Terminal Services Profile, and Custom (for modifying

    Requires Free Membership to View

the Exchange Custom Attributes properties).

Included with the possible manipulations are some very slick Add/Remove options. User's group memberships can be selectively added and removed, allowing admins to just remove all the selected users from a particular group, without the selected users having identical group memberships to begin with. SMTP Addresses can be added or removed using variables for values such as first name, last name and mail alias, allowing admins to remove old SMTP domain names, for example after a corporate merger where a new company name and domain name was adopted. The third add/remove option is Exchange Mailbox Rights. With this option you can not only grant or deny rights to a user's Exchange mailbox, but you can also export out these permissions for use in a migration to a new Exchange Organization (ADModify also has a feature to Import Mailbox Rights, giving you the other half of this feature set).

So, you can see how this tool provides you with enhanced capability to mass manage your Windows 2000/2003 (as well as some Exchange 2000/2003) object properties with ease. Should you make a mistake with your changes, not to worry! AdModify also has an Undo Changes feature; all changes are stored in an XML file and can be undone by selecting the XML file listing the original changes.

Overall, ADModify is a time-saving powerful (and free!) tool from Microsoft that will make modifying Active Directory objects a simple, fast and efficient task. You can download the latest version of ADModify at http://workspaces.gotdotnet.com/ADModify.

Nick Cavalancia (MCSE, MCT, MCNE and MCNI) is the owner and principal consultant at Exchange Consultants (www.exchangeconsultants.com), a consulting firm specializing in the architecting of Active Directory and Exchange solutions.

This was first published in December 2004

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.