Bulk Password Control - Basics

Overview

The Bulk Password Control feature of Password Control is designed to work with large numbers of user accounts. For example if you work in an academic environment, you might have been asked to reset the passwords of all user accounts in a particular class. Bulk Password Control also allows you to disable/enable user accounts and unlock user accounts.

Using Bulk Password Control

The first step you will need to perform is to specify the user accounts you want to work with. There are four methods to add user accounts to the grid.

From List

Simply enter each username on a seperate line. You can also open a text file ontaining a list of usernames.

From OU

Simply navigate to the OU containing the user accounts you want to import. The search scope option will determine if nested organizational units are included in the search. For example, If you selected the "Computing Students" ouganizational unit in the dialog box pictured above with a search scope of "Subtree", the "Year1" and "Year2" organizational units will also be included. If you selected "One Level", only the "Computing Students" organizational unit would be included.

From Group

The "From Group" dialog allows you to select users based on their membership in one or more groups. The list of groups can be filtered to display only security groups as shown in the dialog above. You could also uncheck the "Domain Local" and "Universal" checkboxes if you wanted to show only global security groups.

By default, the "Include Nested Members" option is checked. This simply means that if "Group A" is a member of "Group B" and you select "Group B" in the "From Group" dialog, users from "Group A" would also be returned.

You can select multiple groups by using the CTRL/Shift keys.

From Query

The first part of this dialog is asking you to specify a search root. This is simply the organizationl unit where you want to start the search. By default the search root will search all containers in the domain. Click the "Change" button if you would like to restrict the search to a particular organizational unit. The dialog box shown is the same one from the "From OU" section above.

The next part of the dialog asks you to specify an LDAP filter. A number of pre-defined filters are available from the "Common Filters" combo box. The filter selected in the dialog box above will find all accounts that will expire in the next seven days. The query actually includes two parameters that will be replaced when the query is run:

##FT:Now+d1##
Take the current date, add one day to it and covert the date to filetime format (Large Integer).

##FT:Now+d8##
Take the current date, add eight days to it and convert the date to filetime format (Large Integer)

You can modify the parameters to suite your own requirements. You can replace the "Now+d1" and "Now+d8" with dates if you prefer. e.g. ##FT:2007-09-30##

If you click the "LDAP Query (Runnable)" tab, you will see the actual query that is sent to active directory.

Note that the dates have been converted to large integers. Also note that the filter has been modified to filter for user accounts.

More about pre-defined queries

Removing Users

You can remove any user accounts you don't want in the grid by selecing the row(s) and clicking the delete button on your keyboard. Don't worry - this won't delete the user accounts in Active Directory.

Changing Passwords

By default a unique password is generated for each user. You can click the "Password Generation Options" in the file menu to specify the format of generated passwords. The passwords will be displayed in the gridview and you can export the list of usernames and passwords to CSV or text file if required.

If you prefer to use a sinlge password for all users, uncheck the "Generate a unique password for each user" checkbox - this will allow you to enter a password in the textbox. Check or uncheck the "Force password change at login" option as required and click the "Change Password" button to change user passwords.