ScintillateRich
asked on
Editing multiple users in different OUs - Active Directory
Hello
I will need to edit multiple users in one go, but only need to change the "user must change password at next login" and the path to the users home directories.
If I highlight all users in a single OU I can right click the selection, click properties and make my changes accordingly. However, I need to make changes to all the users in the organisation, across all OUs.
If I run a user search at the top level of the domain it will list all the users for me. I can then highlight them all, but when I right click the selection the properties option is greyed out.
How can I prevent this from being greyed out? Or does anyone have any other ideas?
Any suggestions welcome.
Thankyou
Rich
I will need to edit multiple users in one go, but only need to change the "user must change password at next login" and the path to the users home directories.
If I highlight all users in a single OU I can right click the selection, click properties and make my changes accordingly. However, I need to make changes to all the users in the organisation, across all OUs.
If I run a user search at the top level of the domain it will list all the users for me. I can then highlight them all, but when I right click the selection the properties option is greyed out.
How can I prevent this from being greyed out? Or does anyone have any other ideas?
Any suggestions welcome.
Thankyou
Rich
yea you would need to do it via a script... or 3rd party software.
Hi ScintillateRich,
i have actually been writing a script do this exact thing, it is complex but if you are keen for it then i will post what i have done so far tomorrow, as far as this goes with AD itself i dont believe it can be done
i have actually been writing a script do this exact thing, it is complex but if you are keen for it then i will post what i have done so far tomorrow, as far as this goes with AD itself i dont believe it can be done
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
If you just DISABLE your current password policy, run a GPUPDATE /FORCE and then REENABLE the policy and run the GPUPDATE /FORCE again it should prompt everyone to change their password.
Jeff
TechSoEasy
Jeff
TechSoEasy
ASKER
Hi
Yes please Jay_Jay70, would you be able to post the script?
I like the look of AD Modify, and this will help me with other administration, but it doens't look like you can use it to change passowrds.
Thanks
Rich
Yes please Jay_Jay70, would you be able to post the script?
I like the look of AD Modify, and this will help me with other administration, but it doens't look like you can use it to change passowrds.
Thanks
Rich
this was the site i built to play with scripting...
http://www.cruto.com/resources/vbscript/vbscript-examples/vbscript-sitemap.asp
its a tad slow but its nicer interface to ms example scripts for AD accounts. if you get stuck just send me an email and i will give you a copy of what i have done, i can post it here of course :)
Jay
http://www.cruto.com/resources/vbscript/vbscript-examples/vbscript-sitemap.asp
its a tad slow but its nicer interface to ms example scripts for AD accounts. if you get stuck just send me an email and i will give you a copy of what i have done, i can post it here of course :)
Jay
ASKER
Thanks for your response.
The trouble I'm having with AD Modify at the moment is that I can't actually get it to put a blank entry into the Home Folder local path. It's currently giving me this error:
<user UserDN="LDAP://CN=User Name,OU=01 Home Teams,DC=Domain,DC=Com" type="Failure" attribute="homeDirectory" message="ADMODIFY.ERR - The attribute syntax specified to the directory service is invalid." />
Any ideas?
Thanks
Rich
The trouble I'm having with AD Modify at the moment is that I can't actually get it to put a blank entry into the Home Folder local path. It's currently giving me this error:
<user UserDN="LDAP://CN=User Name,OU=01 Home Teams,DC=Domain,DC=Com" type="Failure" attribute="homeDirectory" message="ADMODIFY.ERR - The attribute syntax specified to the directory service is invalid." />
Any ideas?
Thanks
Rich
I don't know why you are getting that error message.
What are the reasons for setting it to be blank?
What happens if you leave that user out of the list, does it just fail again on the next user?
Make sure that you have only selected users and there are no other objects in the list.
In your initial question you said that you searched at the root of the doamin for users;
are you certain that there were only users in the list when you right clicked and the 'properties' was greyed out?
What are the reasons for setting it to be blank?
What happens if you leave that user out of the list, does it just fail again on the next user?
Make sure that you have only selected users and there are no other objects in the list.
In your initial question you said that you searched at the root of the doamin for users;
are you certain that there were only users in the list when you right clicked and the 'properties' was greyed out?
ASKER
Thanks for your message, mdidlio,
Yes, only users are selected. My intention is to clear the home directory so that no users have one specified.
Thanks
Rich
Yes, only users are selected. My intention is to clear the home directory so that no users have one specified.
Thanks
Rich
My opnion is that this just cannot be done.. You will need to have either third party tools to do this, go through all OU's to change the password or use the DS commadn line tool to change the properties of all users.
the command you should use is DSMOD.
Here's a link to it, only problem it is in dutch, but if you seek in google for DSMOD, you will find enough on how to use it..
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/nl/library/ServerHelp/8d37ecb0-ac28-4e05-aa05-da82dc36b54b.mspx?mfr=true
Good luck..