Suggestions for Bulk password management

brad-

Before I just grab something off a google search, was curious if anyone had any recommendation for an Active Directory bulk password manager. I need to reset everyone in a specific OU's password to something common.

Thx.

RobertKaucher

http://www.wisesoft.co.uk/software/passwordcontrol/default.aspx

This is what I have used. Simple stuff.

Devilsbane

You could also get a list of users and use an excel spreadsheet to generate a batch file. But Rob's program sounds a lot easier.

blargoe

Can't you just browse to OU in the ADUC, select all of the users at the same time, right-click, Reset Password... ?

RobertKaucher

blargoe wrote: »

Can't you just browse to OU in the ADUC, select all of the users at the same time, right-click, Reset Password... ?

You are asssuming all the users are in the same OU.

During the worst part of the "economic crisis" we had huge layoffs and I had to deactivate multiple accounts accross many departments. My own policy is that I change the password to something complex and set the account as disabled. It's pretty simple using the bulk tool above. Takes longer using ADUC when you have to hunt and peck.

dynamik

brad- wrote: »

I need to reset everyone in a specific OU's password to something common.

RobertKaucher wrote: »

You are asssuming all the users are in the same OU.

Is he?

down77

Don't neglect some of the build in tools! You can perform modifications with csvde and ldfide as well as with dsquery, dsmod, etc... an example of an "ou based" modification using dsquery piping into dsmod:

dsquery user "ou=NewUser,dc=Contoso,dc=com" -limit 0 | dsmod user -pwd BulkPassword -mustchpwd yes > Changedpassword.log

The above parses all user accounts from the NewUser OU and modifies their account with the password BulkPassword, forcing them to change at next logon. It also pipes the output to a text file called Changedpassword.log. You can actually get pretty advanced with the built in commands, powershell, and vbscript

Devilsbane

blargoe wrote: »

Can't you just browse to OU in the ADUC, select all of the users at the same time, right-click, Reset Password... ?

Nope, not one of the options. (Unless there is some hack that I don't know of...)

blargoe

Devilsbane wrote: »

Nope, not one of the options. (Unless there is some hack that I don't know of...)

He's right... reset password isn't one of the options exposed in the ADUC if you select multiple users.

My bad.

RobertKaucher

dynamik wrote: »

Is he?

LOL, bite me! That was good.

brad-

blargoe wrote: »

He's right... reset password isn't one of the options exposed in the ADUC if you select multiple users.

My bad.

Ya I thought that option was in there too, I selected everyone, rightclick - Im like WTF is my AD jackedup or something? No, just not an option for a multiple selection.

I knew about the dsmod - im just kind of shy around it because all I ever used it for was studying for 70-290. I like GUIs, I guess you could say im not a true nerd.

brad-

RobertKaucher wrote: »

http://www.wisesoft.co.uk/software/passwordcontrol/default.aspx

This is what I have used. Simple stuff.

TY sir, trying it now.

rsutton

brad- wrote: »

I like GUIs, I guess you could say im not a true nerd.

I wouldn't say that but you need to think of it like this; it will take you x clicks in the GUI to reset these passwords which will take x amount of time. Then ask yourself if you can lookup and create a DSmod script in less time. You would be surprised how easy and fast it is to use DSMod.

brad-

RobertKaucher wrote: »

http://www.wisesoft.co.uk/software/passwordcontrol/default.aspx

This is what I have used. Simple stuff.

Using it, it will do exactly what I need.

Word of advice for anyone else using it though, selecting row(s) and then doing a bulk modify modifies the entire list, regardless of what is selected. Just throwing that out there. The rollback feature is greyed out for me.