How to Manage User Accounts in Active Directory. Part 5: Modifying Several Users in Bulk
Users are one of the most popular objects in AD. They are used for authentication and authorization on workstations. Also, in many services which are integrated with AD. User management is the main routine for sysadmins and helpdesk specialists. This guide helps to manage such objects in multiple ways. For managing users there is a need to install RSAT tools or manage them from your DC. You have to be signed under domain admin or an Account Operators user or with delegation rights to create objects in the current OU.
How to Modify Several Users in Bulk
Sometimes there is the need to modify one attribute for multiple objects. Modifying multiple objects at once is slightly different task from editing a single user, and there are several ways to achieve that.
Modify Several Users at Once Using ADUC
ADUC is great when you need simple filters to group users by certain criteria. It has selection mechanism, for example you can select multiple different users with Ctrl button pressed or a chunk with Shift button pressed. You can also easily select all users in an OU or container by pressing Ctrl + A.
So, you need to change some settings in multiple user accounts, let’s do that with AD:
In ADUC (dsa.msc) locate the OU that fits your needs. Select the user objects while the Shift button being pressed. Rightclick all these objects and select Properties.
Change the given attributes according to your needs and click OK.
Modify Several Users at Once Using Active Directory Administrative Center
The ADAC differs from ADUC by providing additional filters.
Run ADAC and select the OU to use as the base scope for the filter.
Expand the top bar by clicking on little arrow button at top right corner. Click the Add criteria button:
Add the criteria you want to use such as "Users with expired passwords" or you can create a filter by one of the attributes. Select the filter and click Add to load it. You can use matches such as starts with, equals, does not equal, is empty, and is not empty.
After you receive the list of objects based on your filter press Ctrl+A to select all of them and click Properties.
Change attributes that you want to modify and click OK.
Modify Several Users at Once Using Windows PowerShell
Filter customization in PowerShell is more advanced, it is best used to modify multiple user objects, repeatedly.
In our example we will filter all accounts with name starting with “admin” and enable “Prevent from accidental deletion” for all these accounts:
Get-ADUser -ldapfilter "(sAMAccountName=admin*)" | Set-ADObject - ProtectedFromAccidentalDeletion $true