How to Bulk Modify Active Directory User

Attributes
Are you looking for a quick and easy solution to bulk modify Active
Directory user attributes?
Then you are in the right place.
In this post, I’m going to show you the AD Bulk User Update Tool that
makes it easy to bulk update active directory user attributes.
This is a GUI tool that updates AD user attributes from a CSV.
Let’s jump right into some examples:
1. Bulk Modify Users Office Attribute
2. Bulk Modify User Department and Title
3. Bulk Update User Employee ID and Employee Number
4. Bulk Remove User Attributes
5. Understanding LDAP Attributes (Cheat Sheet)

Example 1: Bulk Modify Users Office

Attribute
In this example, I’m going to mass update the department attribute for 100
users. If there is a value already present it will get updated.
The AD Bulk User Modify tool uses a CSV file to bulk modify Active
Directory user accounts. All you need is the users sAMAccountName and
the LDAP attribute you want to modify.
If you are not familiar with LDAP attributes you may want to jump to the
LDAP attributes section for a quick overview. I’ve created an LDAP cheat
sheet to quickly find the correct LDAP values.

Step 1: Setup the CSV File

The first column of the CSV file needs to be the sAmAccountName followed
by the list of users you want to modify. The next column needs to be the
attribute you want to modify followed by the value.
TIP: The Active Directory names do not always match the LDAP attribute
name. This is how Microsoft designed it. This can be confusing and is why I
created a cheat sheet showing the most common Active Directory names to
LDAP attribute names. See the end of this post for the cheat sheet.
Looking at the cheat sheet the LDAP attribute for office is
physicalDeliveryOffice.
You can see below I have my CSV file setup and ready to import. I’ll just
save it to my computer and move to step 2. (You can name the file whatever
you want it just needs to be a CSV file).

Step 2: Run AD Bulk User Modify Tool

Now the easy part.

Open the AD User Bulk Update tool, select the CSV file and click run.
As the tool runs through the CSV it displays the progress in the output box.
It’s really fast! It took about 10 seconds to update the office field for 100
users.

Step 3: Verify the changes

This is optional but to verify the change just add the office column to Active
Directory Users and Computers.
Now you can easily see your user accounts and the office field.
You can use PowerShell to verify the changes with this command.
Get-ADUser -filter * -Properties * | select name, office
Looks great!
I can see the test users account office attribute has been updated to the
value I set in the CSV file.

Example 2: Bulk Update User Department

and Job Title
In this example, I will update the department and title attribute at the same
time. You can modify as many attributes at once as you wish.
Again, if a value is already set it will be overwritten.
I look at the LDAP cheat sheet and see I need attributes department and
title.
Now, I’ll setup the CSV file.

Ready to go, I’ll open the tool, select the CSV file and click run.
The tool runs and makes the changes set by the CSV file.
Now I’ll verify the changes in ADUC.
To verify with PowerShell use this command
Get-ADUser -filter * -Properties * | select department, title
Perfect!
I just modified the department and job title for 100 users in 15 seconds.

Example 3: Bulk Update User Employee ID &

Employee Number
In this example, I’ll update the Employee ID & Employee Number values
for my 100 test accounts.
These two values only show up in the attribute editor, the values do not
show up on any of the tabs in Active Directory Users and Computers.
The LDAP attribute names are employeeID and employeeNumber.
I’ll update my CSV with the LDAP attribute name and set the values I want.
Now I’ll run the tool to update the attributes.
These two attributes are not available to add as a column in ADUC. So you
will need to use PowerShell to mass verify the changes.
Get-ADUser -filter * -Properties * | select name, employeeid, employeenumber
| sort name
Looks good. I can scroll down the list and see the 100 test accounts have
been updated.
In about a minutes worth of work, I just updated the employeeid and
employeenumber on 100 accounts.

Example 4: Bulk Remove User Attributes

The first three examples I showed you how to mass update user attributes
but what if you want to bulk remove user attributes?
No problem.
The process is almost the same, just add the LDAP attribute to the CSV and
for the value put remove.
I’ll remove the department and job title values for my 100 test accounts.
Now just run the tool, select the CSV and click run.
I’ll verify the changes in ADUC
Looks good the values have been removed.
To verify with PowerShell use this command.
Get-ADUser -filter * -Properties * | select department, title
Bonus! You can remove and update values at the same time.

Understanding the LDAP Attribute Names

(LDAP Cheat Sheet)
Active Directory stores details about objects such as users into LDAP
attributes. These attributes are basically a key value pair for example:
givenName = Robert
GiveName is the attribute name and Robert is the value.
This is the method Active Directory uses to store details about objects.
Here is where it gets a little confusing and is why I created the LDAP cheat
sheet.
The fields names you see in Active Directory Users and computers do not
always match the LDAP attribute name.
For example, in ADUC the First Name field has an LDAP attribute value of
giveName

Below is a table of the most commonly used ADUC fields and the LDAP
attribute mappings. I’ve grouped them based on the ADUC tabs General,
Address, Profile, Telephones, and Organization.
You can use this to quickly lookup what LDAP attribute name to setup in
the CSV file.

LDAP Attribute Cheat Sheet

This is a downloadable PDF.
The AD Bulk modify tool is not limited to the table above, again those are
just common fields. The AD Bulk Modify tool will update any LDAP
attribute.
You can use the attribute editor on any account to find other attributes you
may need to bulk update.
Screenshot of the attribute editor on an account, this lets you see all the
attributes.
You can also use PowerShell to view the LDAP attributes.
Change username to the account you want to view
Get-ADUser username -Properties *
Final Thoughts

There comes a time when every administrator faces the need to make bulk
changes to Active Directory user accounts. I have faced this challenge
several times and have struggled with it in the past. With the AD User Bulk
Update Tool this is no longer a problem myself or my team has to deal with.
This tool makes it very easy and saves a great amount of time when dealing
with modifying user accounts.
This tool is included in the AD Pro Toolkit. You can download a free trial
here.