Problem solve Get help with specific problems with your technologies, process and projects.

Perform bulk Active Directory changes with ADModify

ADModify.NET is a great Active Directory tool that gives admins the ability to mass manipulate just about every property within user, group, contact and public folder objects.

Many administrators find themselves with the need to make modifications to multiple users at once using the same values. While Windows 2003 does have limited ability to modify multiple objects, it still lacks granularity and flexibility. For example, you can select and modify multiple users, groups or computers within Active Directory Users & Computers. Enter Microsoft's ADModify version 2.0. This tool, whose current version is referred to as ADModify.NET, gives administrators the ability to mass-manipulate just about every property within user, group, contact and public folder objects.

To make the case for ADModify, let me use a simple comparison of ADModify versus Active Directory Users & Computers (ADU&C) in a Windows Server 2003 Domain. Let's suppose we want to modify 100 users in one motion. With ADU&C, you would only be given 5 tabs from which to choose and a total of around 40 properties to manipulate. Groups are far worse; only a single property (the Description field) is available. If you were to use ADModify to modify those same 100 users, you would be given 17 tabs (including 3 Exchange 2000/2003-related tabs) and over 110 properties to modify! You can modify nearly every property found on the following property tabs:

General, Address, Account, Profile, Telephones, Organization, E-Mail Addresses, Remote Control, Member Of, Dial In, Exchange General, Exchange Features, Mailbox Rights, Environment Sessions, Terminal Services Profile, and Custom (for modifying the Exchange Custom Attributes properties).

Included with the possible manipulations are some very slick Add/Remove options. User's group memberships can be selectively added and removed, allowing admins to just remove all the selected users from a particular group, without the selected users having identical group memberships to begin with. SMTP Addresses can be added or removed using variables for values such as first name, last name and mail alias, allowing admins to remove old SMTP domain names, for example after a corporate merger where a new company name and domain name was adopted. The third add/remove option is Exchange Mailbox Rights. With this option you can not only grant or deny rights to a user's Exchange mailbox, but you can also export out these permissions for use in a migration to a new Exchange Organization (ADModify also has a feature to Import Mailbox Rights, giving you the other half of this feature set).

So, you can see how this tool provides you with enhanced capability to mass manage your Windows 2000/2003 (as well as some Exchange 2000/2003) object properties with ease. Should you make a mistake with your changes, not to worry! AdModify also has an Undo Changes feature; all changes are stored in an XML file and can be undone by selecting the XML file listing the original changes.

Overall, ADModify is a time-saving powerful (and free!) tool from Microsoft that will make modifying Active Directory objects a simple, fast and efficient task. You can download the latest version of ADModify at

Nick Cavalancia (MCSE, MCT, MCNE and MCNI) is the owner and principal consultant at Exchange Consultants (, a consulting firm specializing in the architecting of Active Directory and Exchange solutions.

Dig Deeper on Windows administration tools