So let’s query some data…

1. Open the utility.
2. Enter the user-id of one of your user accounts. This is the SAM name of the account, usually what you use to log in with.
3. Select an attribute form the available one’s in the column on the left.
4. Make sure your path to the users OU is correct. If it’s not correct you can change it right there in the OU path box.
5. Make sure you have the "Query" radio button selected.
6. Click on the “Run” button.
7. Your results will be displayed in the bottom box.
8. If you click the “Open button next to the log file path field you can see what was recorded to the log file.

Make a change to Attribute Data

1. Leave all the fields the same or start again if you like. This time select something that won't cause any problems like the “streetaddress” attribute.
2. Run a query against it and see what you get back.
3. Now enter a new value for it in the “Value for Attribute” field. (if it was “555 someplace, California” change it to “777 somewhere”. We just want to test it so you can get a feel for the process.)
4. Select the radio button “Change” (you’ll notice it’s in red)
5. Make sure you haven’t selected “Multiple users”.
6. Click on the “Run” button.
7. Once the change has happened you’ll see a dialog letting you know it was successful.

8. Now open the log file and look to see that your change was logged.

a. NOTE: This is very helpful when you’re changing more dangerous values like SID’s and the like. If you screw it up and the account is dead you can go to your log and set it back the way it was.

Make a change to many accounts at once

There are 2 option here multiple accounts with the same attribute data or multiple accounts each with different attribute data.

We’ll start with the first option.

1. To change the address field a large number of user accounts. First you will need to create a list of users. It should look like the list diagram 3 on the next page.

Diagram 3 – user list type 1

2. All the users should be listed as shown with a cr/lf after each one.
3. This should be the SAM account names.
4. Now enter the value for the change in the “Value for Attribute” field
5. Select the “Multiple Accounts” radio button.
6. Do not select the “Use multiple values” check box. (as shown in diagram 4)

Diagram 4 – Multiple account change same attribute value

7. In the “List of Users” filed enter the path to the file that contains the list of users. You can accept the default here if you want as long as it’s correct.
8. Click on the “Run” button.
9. You will see the “Change Successful” dialog when it completes.
10. You can open the log to confirm the changes if you like or you can query some of the different accounts to see the change.

The second option - Multiple values for the same attribute

1. So you want to change the address field a large number of user accounts AND enter different data for each one. This may sound confusing so let’s go over it again. You have a list of user accounts to edit and let’s say you have selected the “streetAddress” attribute to change. You want a different address for every person.
2. First you will need to create a list of users. It should look like the list in diagram 5.

Diagram 5 – user list multiple values

3. All the users should be listed with a space separating the userid and the data to enter into the attribute as shown, with a cr/lf after each line.
4. The userid’s should be the SAMaccount names.
5. The data can be whatever the attribute will accept.
6. Leave “Value for Attribute” field blank on the AD editor screen.
7. Select the “Multiple Accounts” radio button.
8. Check the “Use multiple values” check box. (as shown in diagram 6)

Diagram 6 - Multiple account changes different attribute values

9. In the “List of Users” filed enter the path to the file that contains the list of users. You can accept the default here if you want as long as it’s correct.
10. Click on the “Run” button.
11. You will see the “Change Successful” dialog when it completes.
12. You can open the log to confirm the changes if you like or you can query some of the different accounts to see the change.

Errors 

1065: The distinguished name has an invalid syntax

This is the one most common error that I have encountered with users of this utility. This is caused by the “OU path” being incorrectly formed.

Although the utility will pull back what it thinks is the correct “Distinguished name” (actually it creates this from several pieces of information) there is always the possibility it will be incorrect. I have tried to account for the different ways engineers might configure there AD and how they are entering their names and so on.

But I can’t account for every possible combination. SO YOU NEED to verify that the distinguished name is correct. The path as shown in diagram 7 is correct for my test domain.

Diagram 7– Correct OU Path

 

Below in digram 8 you can see an incorrect path, notice the name “Chuck” with a comma after it. This wont work. There is no qualifier in front “Chuck” i.e., “OU=Chuck” . Most likely because the “name” attribute was stored with a comma in it.

Diagram 8– Incorrect OU Path

 

To fix this just delete the “Chuck,” from “OU Path” and run it.

Changed path: LDAP://MCl0002/OU=Users,OU=Managed Objects,DC=testdomain,DC=com

The best way to figure out your “Distinguished name” to your users container is to learn what a distinguished name is. There is a lot of info on the internet and MS books about this so look it up if you think this is your issue. Also there is a good tool called ADSIEDIT by Microsoft that you can download for free. The ADSIEDIT tool will divulge all of your paths.

**Please remember you must be a "local admin" or a member of the "local admins" group on the system you are running the tools from.

 Donations

I spend a lot of late nights building this site up and if it helps you or makes your job a little easier please think about making a donation to support it. Remember any donation small or large, 50 cents to 50 dollars is greatly appreciated.