Active Directory Editor Help

---

Top of the Dialog

You will see3 pieces of information at the top of the screen/dialog

1. “Your domain” or the domain that the utility thinks it’s running in.
2. The name of the PDC emulator for that Domain.
3. A blank box that will contain the name of the attribute you have selected from the available attributes.

 

OU Path

To the right and upper middle is a box named “OU Path”. This contains the path to the OU containing your users.

NOTE: it derives this path by querying your username. So if your account is in a separate OU from the users you want

to change you will need change the path. You can just edit the line in this box and that will suffice.

Available Attributes

Here is the list of attributes available for you to change. These attribute are queried from your Active Directory so they will be unique to your environment. Select an attribute by highlighting it. The selected attribute will be displayed in the upper right top corner under “Selected Attribute”. This is the attribute that will be used for change or query operations.

Update Type

Next is the “Update Type”. Here you will select whether it is a query or change operation and whether you want to change one account or use a list of users.

 

 

 Single Account

Type the “userid” you want to query or change or select one from the dropdown list. You can type the first few characters and then click the dropdown button and you will be moved to that part of the list.

 

 

 Click on the Export button to create a text file named “users.txt” that contains every user id listed in the dropdown list.

  

Multiple Accounts

Enter the location of the text file you created with the user account you want changed. You can click the export button and use that list. You can also open the export list to see how you should have your list formatted.

NOTE: This field will appear disabled until you select “Change” from the next section.

 

 

 Use this button to find the “user-id” list if you are not going to use the default.

 

 Query or Change

These selections will determine if you are querying or change attribute values. If you select “Change” the “Use multiple values” checkbox will become available. This will be selected if your “user-id” list has different values for each user attribute.

 

 

Log Path for query/change

Here is the path to the log file, you can change this or just accept the default. You can open the log at any time by clicking on the “Open” button. Remember to shut it before you run any queries or changes.

 NOTE: All operations, query or change are logged here. You cant copy and paste from within the utility but you can from this log file.

 

   Next to the “Log Path” field is a button labeled “Open”. This will open the current log file.

 Value for Attribute

This is where you will enter the new value for the attribute you want to change. You will only use this for change operations and only if there are not “multiple values” involved.

 

 

Data Collection Results

This box will display the data collected from a query. You cannot copy and paste from this window but you can click on the “Open” button. View the log and copy and paste from there.

Pretty obvious, once you have your selections made click it for the results.

 

 Click it for this help file.

 

 Duh!

 So let’s query some data…

1. Open the utility.
2. Enter the user-id of one of your user accounts. This is the SAM name of the account, usually what you use to log in with.
3. Select an attribute form the available one’s in the column on the left.
4. Make sure your path to the users OU is correct. There should not be any commas in there. If it’s not correct you can change it right there in the OU path box.
5. Make sure you have the Query radio button selected.
6. Click on the “Run” button.
7. You r results will be displayed in the bottom box.
8. If you click the “Open button next to the log file path field you can see what was recorded to the log file.

 Make a change to Attribute Data

1. Leave all the fields the same or start again if you like. This time select something that wont cause any problems like the “streetaddress” attribute.
2. Run a query against it and see what you get back.
3. Now enter a new value for it in the “Value for Attribute” field. (if it was “555 someplace, California” change it to “777 somewhere”. We just want to test it so you can get a feel for the process.)
4. Select the radio button “Change” (you’ll notice it’s in red)
5. Make sure you haven’t selected “Multiple users”.
6. Click on the “Run” button.
7. Once the change has happened you’ll see a dialog letting you know it was successful.

 

 

8. Now open the log file and look to see that your change was logged.
   1. NOTE: This is very helpful when you’re changing more dangerous values like SID’s and the like. If you screw it up and the account is dead you can go to your log and set it back the way it was.

 

Make a change to many accounts at once

 There are 2 option here multiple accounts with the same attribute data or multiple accounts each with different attribute data.

 We’ll start with the first option.

1. So you want to change the address field a large number of user accounts. First you will need to create a list of users. It should look like the list diagram 3. 

 Diagram 3 – user list type 1

 

 

 

 

 

 

 

2. All the users should be listed as shown with a cr/lf after each one.
3. This should be the SAM account names.
4. Now enter the value for the change in the “Value for Attribute” field
5. Select the “Multiple Accounts” radio button.
6. Do not select the “Use multiple values” check box. (as shown in diagram 4)

Diagram 4 – Multiple account change same attribute value

 

 

7. In the “List of Users” filed enter the path to the file that contains the list of users. You can accept the default here if you want as long as it’s correct.
8. Click on the “Run” button.
9. You will see the “Change Successful” dialog when it completes.
10. You can open the log to confirm the changes if you like or you can query some of the different accounts to see the change.

 

The second option - Multiple values for the same attribute

1. So you want to change the address field a large number of user accounts AND enter different data for each one.  This may sound confusing so let’s go over it again. You have a list of user accounts to edit and let’s say you have selected the “streetAddress” attribute to change. You want a different address for every person.
2. First you will need to create a list of users. It should look like the list in diagram 5.

Diagram 5 – user list type 1

 

 

 

 

 

 

 

3. All the users should be listed with a space separating the userid and the data to enter into the attribute as shown, with a cr/lf after each line.
4. The userid’s should be the SAMaccount names.
5. The data can be whatever the attribute will accept.
6. Leave “Value for Attribute” field blank on the AD editor screen.
7. Select the “Multiple Accounts” radio button.
8. Check the “Use multiple values” check box. (as shown in diagram 6)

 

Diagram 6 - Multiple account changes different attribute values

 

9. In the “List of Users” filed enter the path to the file that contains the list of users. You can accept the default here if you want as long as it’s correct.
10. Click on the “Run” button.
11. You will see the “Change Successful” dialog when it completes.
12. You can open the log to confirm the changes if you like or you can query some of the different accounts to see the change.

Errors

 “1065: The distinguished name has an invalid syntax”

This is the one most common error that I have encountered with users of this utility. This is caused by the “OU path” being incorrectly formed. Although the utility will pull back what it thinks is the correct “Distinguished name” (actually it creates this from several pieces of information) there is always the possibility it will be incorrect. I have tried to account for the different ways engineers might configure there AD and how they are entering their names and so on. But I can’t account for every possible combination. SO YOU NEED to verify that the distinguished name is correct. The path as shown in diagram 7 is correct for my test domain.

Diagram 7 – Correct OU Path

  

Below in digram 8 you can see an incorrect path, notice the name “Chuck” with a comma after it. This wont work. There is no qualifier in front “Chuck” i.e., “OU=Chuck” . Most likely because the “name” attribute was stored with a comma in it.

Diagram 8 – Incorrect OU Path

 

 

To fix this just delete the “Chuck,” from “OU Path” and run it.

Changed path: LDAP://MCl0002/OU=Users,OU=Managed Objects,DC=testdomain,DC=com

 The best way to figure out your “Distinguished name” to your users container is to learn what a distinguished name is. There is a lot of info on the internet and MS books about this so look it up if you think this is your issue. Also there is a good tool called ADSIEDIT by Microsoft that you can download for free. The ADSIEDIT tool will divulge all of your paths.

 

**Please remember you must be a "local admin" or a member of the "local admins" group on the system you are running the tools from.