Modify Active Directory Users Properties/Attributes by Import CSV
ADManager Plus provides the ability to modify Active Directory user accounts by just importing a CSV file which contains the list of users and the corresponding attributes to be modified. This option can also be used to move multiple users from their current location /container (OU) to another.
While the modify users via CSV import feature allows you to move users who are located in different OUs ) in the domain, to the desired OUs(that is, if there are say 50 users being moved, all these users can be located in 5 different OUs and need not be from the same OU), the move users feature in 'Bulk User Management', allows you to move users who are located within any particular/specific OU to another OU.
To modify users via CSV import,
- Select the AD Mgmt tab.
- Click the Modify users link under CSV import.
- Import the CSV file and click OK. Sample CSV file.
Note: If you wish to move user accounts using this feature, the CSV file must contain the OU name. That is, for the user accounts to be moved, the CSV file must contain the LDAP attribute 'ouName' as the header, and the target container (OU) as its value.
- This will list all users and their attributes.
- Click the Update in AD button
- In the Select Attributes window that opens up, select the attributes that you wish to modify, specify the criteria to locate the desired user accounts in AD and select the appropriate options in Advanced Options tab.
- If you select the attribute 'ouName' from the ones displayed, the user accounts will be moved to the new container (OU) that is specified in 'ouName' attribute.
- If there is no such container in the Active Directory, as mentioned in the value for 'ouName' attribute, ADManager Plus will create a new container with the name specified in 'ouName', and then move the corresponding user accounts to this new container.
- Click OK to update the changes to user accounts in AD
Know these Tabs:
Change Headers: Click this will link if you wish to change the attributes (eg.given name to sn).
Update in AD:
A pop-up displays all the LDAP Attributes provided in your CSV. Select the ones that you wish to modify in the Active Directory, and click the "OK" button.
Click the "Show" link and specify a criteria for locating the desired user accounts in AD.
To have Useraccountcontrol attribute in CSV : While modifying users using CSV, if you want to turn-on/remove a particular accounts flag then give the input value for that flag (useraccountcontrol) as a semicolon separated value.
The syntax is as follows:
Example: Consider a csv file as shown below:
For user1, the property flag with value 514 (Disabled account) will be set, i.e., user1 will be a disabled account.
For user2, the property flag with value 512 (Normal account) will be set and property flag with value 2 (Account disable) will be removed. Thus user2's normal account properties will be enabled.
For user3, the property flag with value 2 (Account disable) will be removed. As user3's disable flag is removed, user3 will be enabled.
For detailed information on these, click http://support.microsoft.com/kb/305144
To have memberOf attribute in CSV : A user can be a member of more than one group, to support
multiple values Distinguished Name (DN) of the groups should be separated by semicolon (;).
To have accountExpires attribute in CSV :While modifying the 'accountExpires' value of an user account, provide the desired value in "MM-dd-yyyy" format.
Match Criteria for users in AD:
This option helps you to accurately locate the user accounts that you wish to modify by using any specific LDAP attribute or a combination of LDAP attributes, as needed.
To specify the attributes based on which you wish to locate the users, click the show link and select the desired attributes.
For example, consider that you have two users with the name "John Smith"
in your office and you want to update one of them. This option helps to
identify the correct 'John Smith' uniquely by providing one or more LDAP attributes which are
specific to that user.
The CSV import feature offers the following options which allow you to modify the user accounts exactly the way you need:
- Append values: By selecting this option, you can append the values imported from the CSV file to the existing values of an attribute in AD. When this option is not selected, the existing values in AD will be replaced with the ones imported from the CSV file. This option is applicable only to the multivalued attributes.
- Clear attribute value in AD if its value in CSV is empty: If this option is selected, the existing value of an attribute in AD will be cleared if the CSV file does not contain any value for it. If this option is not selected, the existing AD value will remain untouched if the CSV file does not contain any value for it.
- First create a CSV with all the updated information and then start the process.
- It is recommended to give a unique value attribute like samaccountname, distinguishedname, userprincipalname to the users
- If Multiple users match the same criteria then the users names will be appended by numbers starting from the number specifies the users with same name but distinguishes them by number.
- The modifications done on UserAccountControl attributes using CSV will not be replaced but appended.
entry to modify the "department" and "telephone number"
for group of users is given below:
"CN=jamessmith,OU=Finance,DC=admp,DC=com",Finance,+1-980-765-1234,"CN=group1,OU=Finance,DC=admp,DC=com;CN=Group2,OU=Sales,DC=admp,DC=com","CN=Manager,OU=Finance,DC=admp,DC=com",Senior Account Officer,65536,"\\admp-dc1\UserProfile\%givenName%","\\admp-dc2\HomeFiles\%displayName%","E:"
"CN=jameswilliam,OU=Finance,DC=admp,DC=com",Human Resource,+1-980-765-1234,"CN=group1,OU=HR,DC=admp,DC=com;CN=Group2,OU=US,OU=HR,DC=admp,DC=com","CN=Manager,OU=HR,DC=admp,DC=com",Senior HR,65536,"\\admp-dc1\UserProfile\%givenName%","\\admp-dc2\HomeFiles\%displayName%","E:"
Below is an example to modify a user with Exchange attributes: