ADBulkAdmin

更新时间: 2016年12月10日

ADBA-using-140x140ADBulkAdmin is a free tool for AD administrators to manage Active Directory users in bulk. You can use it to check a large number of users’ attributes, get users from OU, get members from Group, get all disabled users, get all locked out users, get users password expiration days, create a large number of AD users with specific attributes, unlock a large number of  users, reset a large number of  users’ passwords, enable or disable a large number of users, remove a large number of users, set a large number of users’ properties, check a large number of  groups, add a large number of  users to group or remove a large number of users from group, test users if using easy password, get user lock status on all the domain controllers.

https://youtu.be/3SJ8tjgEFaY

Prerequisite:

1. .net Framework 4.0 or higher.
2. Office 2007 or higher. Run ADBulkAdmin.exe in 32 or 64 bit Office folder according to your office version. With Office Excel, you can create a large number of users or set properties for users. If you are using Office 2016 and you can’t operate Excel, please download and install Microsoft Access Database Engine 2010 Redistributable from http://www.microsoft.com/en-US/download/details.aspx?id=13255  or Microsoft Access 2013 Runtime https://www.microsoft.com/en-us/download/details.aspx?id=39358
3. Files of the tool: ADBulkAdmin.exe, ADBulkAdmin.exe.config, users.xlsx, ADBATData.accdb. (You must not change the name of these files!)
4. User with necessary AD permissions, and run this tool as administrator.

Description:

Unzip the compressed file, make sure the tool ADBulkAdmin.exe, users.xlsx and ADBulkAdmin.exe.config are in the same folder. You can save ADBATData.accdb in the same folder or in a shared path with others. Run ADBulkAdmin.exe as administrator according to your Office version 32bit or 64bit. If your computer has already joined to domain or you run the tool on a domain controller, it can connect to a domain controller automatically, and then you can use it directly. If your computer has not joined to domain yet, you can connect to a domain controller by clicking “Settings”. You can specify the logpath, dcpath, select the attributes you want to check user, create new user or set user.

1. Check User: You can input samAccountName, userPrincipalName, mail or displayName to search user. If you select All, it will search all of these attributes and display all results match the value. You also can search via selecting one attribute. Each row with one user, and then you can get the users’ common attributes by clicking Run. I think you must know the common attributes of an AD user.

2. Get Users: Get users from OU, get members from Group, get all disabled users, get all locked out users, get password expiration days users.

3. New User: First select the attributes in Settings->NewUserAttr, then click Save to save the selected attributes to newuser sheet in users.xlsx. If you want to create new user to your specified OU path, you need to check OU in Settings-NewUserAttr and input the ou path like “ou=deptou,dc=domain,dc=com” to newuser sheet in users.xlsx, if not you must create an OU named “tempuserou” to store new users.Please input the users’ information into Sheet “newuser” in users.xlsx, if you don’t want to set the attributes, just leave the data cell blank. You must input the users’ samAccountNames, and then you can choose to input the other attribute values as your necessary. If you don’t set the Password value, the tool will use “abcD.1234″ as the default password, so you must think if it matches your password policy and you can customize a new password to meet your password policy by inputting the Password data.

For one important thing, if your computer doesn’t join to domain, or you don’t want the user’s UPN to use the default domain name, you must select UNP option in Settings->NewUserAttr and input the UPN value in the Sheet newuser. Then the user’s User Principle Name will be nilejiang@nile.com.

For proxyAddresses attribute, if you have selected to input this value in Setting->NewUserAttr, you have to split the multiple values with ‘,’ , like:

SMTP:niletest@abc.com,smtp:niletest@nile.com

Or

SMTP:niletest@abc.com

If you are using Exchange on-premises, this value should be generated automatically after you enable user’s mailbox, no necessary to input.

For the new user, its Name is the same to the Display Name, you can decide if user must change password at next logon by clicking “Settings->NewUserAttr->Force Password Change at Next Logon”.

For Manager, you need to input the manager’s samAccountName like nilejiang.

For HomeDrive, you just need to input the value like Z:

4. Unlock User: You can unlock users which are locked, just input the users’ samaccountnames in the textbox and click Run, it will unlock all the users. You can check if the users are locked by Check User feature, if the user is locked, its status will be locked and its color will be red.

5. Reset Password: You can reset a large number of users’ passwords to the same password by inputting the “Custom Pwd”, if not, the password will be reset to “abcD.1234″, and you can choose if user must change password at next logon.

6. Disable/Enable User: You can disable or enable a large number of users by Xable User feature, just input the user’s samAccountNames and choose “Disable User” or “Enable User”.

7. Remove User: You can remove users from AD by Remove User feature after you input the users’ samAccountNames.

8. Set Properties: Please select the attributes in Settings->SetUserAttr first, then click Save to save the selected attributes to setprop sheet in users.xlsx. You can input the attribute values of the user as necessary, if you don’t want to set the attributes, just leave the data cell blank, if you want to clear the attribute value, just input the word “clear” to the cell. The clear function is not used for “NewPassword”, “AccountExpires” and “NewOU”.

If you choose the attribute proxyAddresses, you have to split the multiple address values with ‘,’ , like:

SMTP:niletest@abc.com,smtp:niletest@nile.com

Or

SMTP:niletest@abc.com

If you are using Exchange on-premises, this value should be generated automatically after you enable user’s mailbox, no necessary to input.

9. Check Group: You can check the group common attributes with Check Group feature, just input the group’s samAccountName.

10. Add to Group: You can add a large number of users to a group by this feature. First input the users’ samAccountNames, then input the group’s samAccountName on the right side. You will get the result after clicking the button Run.

11. Remove from Group: It is the same to Add to Group. You can use it to remove a large number of users from a group.

12. Log View: Every operation you did with ADBulkAdmin will generate logs into the database file ADBATData.accdb. You can use Log View to check all the operations you did, and you can search logs by changing the search conditions.

13. Test Password: This is used for administrators to see if users are using too easy passwords, this feature is locked by default, if you need it please send email to me, maybe you need to pay a little.

14. Lockout&LastLogon: This is used to search user lockout status on all domain controllers, get user locked out time and so on.

15. Export to CSV: You can export any data in the datagridview to a CSV file.

We know that there are many attributes for an AD user, I just use the common attributes. If you want to customize some attributes according to your environment, please feel free to contact me. If you think this tool is helpful for you, please donate a little by clicking Donate. That would be a big encouragement.

There is a detailed manual in the compressed file. If you find any bugs or meet any problems, please send email to me.

If you want to customize features, please send email to me at nilejiang#gmail.com.

 

If you think this tool is helpful, please donate a little, 1, 5, 10, 15, 20…, any is OK! Thank you!

us $ USD                   europeanunion € EUR                  gb £ GBP                  au $ AUD                 ca $ CAD

donate             donate               donate             donate             donate

软件绿色免费,如有帮助,希望大家以实际行动支持,以下为微信捐助,谢谢!

ADBulkAdminDonate

Thanks for these friends’ donation:

Eveline Kuntjoro
Net Help Ltd.
Luis Espitia Carvajal
Matthew Dodson
菜牙
Alicia Pinto
Ronda Parker-Rice
Adam Guedry
Dan Compton
Flavio Croce
无昵称
气场
Kelly Davis
John Rosencutter
Ludovic Gaudillere
天涯
Jamal Juraimi
Lee

Suma
Shawn Haverly
Carlos Centeno
Hong Lin
Thomas Ladegard
GD Video Studio
Wolfgang Frick
Adam Scheblein
Benjamin Banks 

Tool screenshot:

1

Update History:

2013.1.23 v1.0.0.1

Add Lync and DN attribute in Check User feature to check if the user is enabled Lync and get the user’s OU path via DN.

2013.3.11 v1.0.0.2

Add account expires time attribute etc. and fix some small bugs.

2013.3.11 v1.0.0.3

Add telephoneNumber, mobile and description etc. to create new users and fix some small bugs.

2013.3.11 v1.0.0.4

Add password and mail attributes to create new users and set users.

2014.2.8 V1.0.0.5

Add new feature of specifying domain controller.

2014.2.16 V1.1.0.0

Enhance dc specify feature. Generate two versions for bothe 32bit office and 64bit office, fix some small bugs and exceptions.

2014.5.15 V1.1.0.1

Fix the bug of wrong result when adding to group or removing from group, add some new user attributes.

2014.8.26 V1.1.0.2

Select “User must change password at next logon” when creating new users and reseting user pasword.

2014.9.17 V1.1.0.3

Add the feature of recording and searching logs to Access database.

2014.11.4 V1.1.0.4

Add the feature that user can select attributes when checking users, creating new users and setting users, fix some small bugs.

2015.4.29 V1.1.0.5

Add Unlock User function and fix some small bugs, like reset name attribute when change Display Name, create user successfully when name includes “,” etc..

2015.5.1 V1.1.0.6

Add all the common AD user attributes to the tool when checking, creating and modifying users, can specify ou path when creating new users, fix some small bugs.

2015.8.12 V1.1.0.7

Add attributes employeeNumber and proxyAddresses for check users, create new users and set properties according to user’s requirement.

2015.8.17 V1.1.0.8

Add Check Update featue in About. It can check if there is a new version and can download the latest version.

2015.9.30 V1.1.0.9

Add some new attributes like ProfilePath, HomeDrive and HomeDirectory and so on. Add detail logs when operating. Fix some small bugs and make some optimizations like use samAccountName as cn when not input the DisplayName attribute.

2015.12.03 V1.1.0.10

Fix the bug that can’t open at the second time if your computer doesn’t join domain and you have specified a domain controller and save the settings. It works OK now.

2016.1.21 V1.1.0.11

Fix some small bugs, add Export to CSV feature, add Get Users Feature that get users from OU, get members from Group, get all disabled users, get all locked out users, get password expiration days users. Add Test Password feature, add search user Lockout and Lastlogon status on all domain controllers. Test Password and Lockout&LastLogon feature are locked by default, if you need it please send email to me, maybe you need to pay a little to unlock it.

2016.1.21 V1.1.0.12

Fixed Test Password bug, add whencreated and LogOnTo(userworkstations) attributes, add PasswordExpireDays to Lockou&LastLogon feature. Test Password and Lockout&LastLogon feature are locked by default, if you need it please send email to me, maybe you need to pay a little to unlock it.

2016.4.30 V1.1.0.13

Fixed the bug of profiepath when including %username% in the value. Add Logon Script attribute and Password Never Expires to NewUser and Set Properties feature. Add Password Never Expires to Reset Password feature.

2016.7.16 V1.1.0.14

Fixed a small bug that can not select all via Ctrl + A on Add to Group etc. Unlock Lockout&LastLogon for free.

2016.7.23 V1.1.0.15

Fixed the bug when create New User or Set Properties to the OU path which contains special character like “/”,  also for Check User feature.

2016.12.10 V1.1.0.16

Fixed a small bug, changed the Settings desgin, can add or remove the attributes to the list and sort the attributes, so that can check, create or set user attributes more easily.

 


Written by Nile Jiang
无猖狂以自彰,当阴沉以自深。
  1. Alan
    2013年5月17日14:47

    能不能提供在创建用户时就可以指定用户加入所在组的功能啊

  2. 2013年5月27日13:02

    @Alan
    其实创建完帐户再用Add to Group功能我觉得也挺方便的,我考虑考虑。

  3. David
    2013年6月25日10:49

    您好,请问在批量设置帐户属性:Set Properties的时候只能设置EXCEL表中定义好的属性字段吗?我想修改其它的属性,比如userWorkstations,提示设置成功,但是没有生效,不知为何、

  4. 2013年6月26日10:42

    @David
    是的,目前只支持设置表中所列的字段属性,这些是常见属性,其他的属性暂未做支持,如果需要定制功能的话,我们可以私下沟通一下。

  5. bigbird1985
    2014年9月30日16:24

    您好,能否可以自定义是否启用 “下次登录时需修改密码” 的功能? 因为有些账号是开设给一些不加域的用户使用, 而我们公司的邮件系统也不是exchange 2010及以上的版本, 谢谢.

  6. 2014年10月23日16:19

    @bigbird1985,稍后将发布新版本,可自行选择是否勾选此项。

  7. Chris
    2015年9月19日05:26

    I loaded the software. I was able to configure the DC path and connect to the domain controller with the administrator account. I am logged in as the administrator on the computer that is using the the software but when I try to upload a new user I am getting a An invalid DN syntax has been specified. Please sure you have permissions to create new users. The account I am using can create users in Active Directory. Is there something I am missing? Can it run remotely on the network or does it have to be run locally on the server? Any help you can provide would be appreciated.

    • 2015年9月21日09:47

      @Chris
      Did you input the new user’s DisplayName? If not, please input this value, it is one part of your new user’s DN in v1.1.0.8. I will fix it in v1.1.0.9. If it still doesn’t work, please send email to me.
      Best regards.

  8. Jim
    2015年10月22日15:48

    Hi Nile, 工具太棒了,谢谢。
    能否有办法通过邮件地址属性来查用户名及别的属性?

    • 2015年10月29日18:44

      Hi, @Jim
      谢谢!
      你是说在输入用户名的地址输入用户的邮箱地址来查询用户及属性吗?为什么不用这个唯一的samAccountName属性呢?
      方便的话可以发邮件具体沟通。

  9. Jim
    2015年11月11日15:48

    对,因为有时候别的部门用户/程序只有邮件地址这个信息,这时需要IT反过来查询用户名及属性告诉他们。谢谢。

  10. 2016年1月22日11:00

    @Jim
    新版本已经添加了通过显示名,邮箱地址等查询用户信息的功能。

  11. 2016年5月22日21:26

    感谢你及你的软件,good tools!

  12. ibaral
    2016年10月27日12:00

    Hi,
    I’m having a similar issue to Chris, I was able to edit the excel spreadsheet users to add all the info I want to create a new user, but whether I use a specific OU or use the default (tempuserou) it doesn’t work. I get the following error message:
    —————————
    Warning
    —————————
    A constraint violation occurred.

    Please make sure if you have permission to create new users!

    I’ve tried a lot of different things, is there something I’m missing?

    • 2016年10月28日04:13

      @ibaral

      I have sent email to you. I think there must be some attribute values violate your AD policy, like password length, and you also need to pay attention to the Manager and OU attributes, the value of Manager should be samAccountName, the OU path must exist.

      If it still not work, please send the users.xlsx file to me.

      Nile

  13. HLD
    2016年11月5日22:28

    Nile Jiang 您好!
    我在使用使一直提示未在本机注册“Microsoft.ACE.OLEDB.12.0”提供程序,下载了网上说的那个安装包也没用,请问怎么解决,谢谢!

    • 2016年11月7日02:14

      Hi HLD,
      发邮件给你了,一要注意根据Office版本(32位或64位)来运行对应文件夹下的程序。二是这种情况我发现主要发生在Office 2016下,可以尝试Access 2010或2013的引擎来解决问题。

      Nile

  14. han
    2016年11月10日22:06

    Nile Jiang:
    你好,关于UPN,目前的版本只能修改@后面的内容,是否可以完整定义UPN呢,比如zhangsan@abc.com

    • 2016年11月11日14:54

      Hi Han,

      目前表里的UPN是修改后面的域名,前面的部分就是你的samAccountName啊,如果想改前面就改samAccountName就行了,除非你是想让UPN @前面的用户名和samAccountName不一致?如果是这样只能单独为你定制了,但这样会为用户登录带来麻烦的,所以一般都是一致的。

      如有问题请再联系我,留言或发邮件!

      Nile

      • han
        2016年11月12日17:51

        我们的UPN @前面的用户名和samAccountName的确不一致,所以希望能够在excel内定义完整的UPN导入到AD

  15. Bolder
    2016年11月29日08:22

    I always get this error when trying to a new user into a group. Any ideas what went wrong?

    Add user ‘xxx’ to group ‘TestGroup’ failed, has existed!

  16. Bolder
    2016年11月29日08:24

    I always get this error when trying to add a user into group. Any ideas what went wrong?

    Add user ‘user1′ to group ‘TestGroup’ failed, has existed!

    • 2016年11月30日18:39

      @Bolder,

      Have you checked if the user user1 already added to the group TestGroup? How about trying to run Remove it from the group?

  17. DerekS.
    2016年11月30日07:28

    Hello,

    I don’t see that you’ve tested this on Server 2016…but after installing and setting up the DC, just running a “Get users from OU” results in:

    “The index was out of range. Must be non-negative and less than the size of the collection. Parameter name: index”

    Most of the other functions work except the New User. I’ve entered users on the xlsx sheet but when I hit Run, I get:

    “Access is denied. Please make sure if you have permission to create new users”

    My account is a member of Domain/Enterprise/Schema Admins.

  18. DerekS.
    2016年11月30日07:38

    Looks like running the app as Administrator fixed the “Access is denied” error.

    • 2016年11月30日18:42

      @DerekS
      Yes, I haven’t tested on Server 2016. Does it work for you now? even on Server 2016?

  19. Maggai
    2016年12月5日23:49

    Hello,

    I need to add the attribute “BusinessCategory”. There are some possibility for this.

    Thanks for software. It is very important for me

  20. Glisit
    2017年3月5日15:10

    Hi,

    I love this tool and it’s very useful in managing users in bulk. Would it be possible to add additional attributes please?
    * ExtendedAttribute2
    * ExtendedAttribute3
    * ExtendedAttribute4
    * ExtendedAttribute5
    * UserPrincipalName

    Also, I am getting an error when pulling users – Syntax error (missing operator) in query expression. This is on Server2012R2 AD. It is not a fatal error as I get the list of users.

    Thank you so much for this tool and for your support.

    G

注意: 评论者允许使用'@user空格'的方式将自己的评论通知另外评论者。例如, ABC是本文的评论者之一,则使用'@ABC '(不包括单引号)将会自动将您的评论发送给ABC。使用'@all ',将会将评论发送给之前所有其它评论者。请务必注意user必须和评论者名相匹配(大小写一致)。