- OpenVPN IPv6 and IPv4 configuration - Mon, Mar 1 2021
- 4sysops author and member competition 2020 - Fri, Jan 1 2021
- Assign an IPv6 address to an EC2 instance (dual stack) - Tue, Dec 15 2020
You know this popular picture of the GUI admin who clicks all day to reset user passwords after a security breach. Bulk Password Control is a nice example that proves that such tasks can be quickly done with a GUI tool without much click-click.
Bulk Password Control
The first task in any automation job is to determine the objects that have to be manipulated. Bulk Password Control offers several options here. You can provide a list of users, select an Active Directory container, specify an Active Directory user group, or enter an LDAP query.
The tool comes with a few common queries, such as “account has expired,” “user never logged on,” or “user must change password at next logon.” The custom LDAP filter allows you to select any imaginable set of user objects. Bulk Password Control will then display a table of all user objects that match the query, so you can verify that you will manipulate the correct objects.
The next step is to configure the bulk modifications you want to perform on the user objects. Likely, the most common task is to reset passwords. Bulk Password Control can automatically generate a unique password for every user. The Password Generation Options let you specify the complexity that Bulk Password Control will use to create the passwords.
After the bulk password reset, the tool will display the new password for each user in the table. Bulk Password Control also allows you to export the table to a CSV file as a tab-separated text file. Alternatively, you can set the same password for all users, an option that is questionable with regard to security. In addition, you can configure the tool to force users to change their password at logon.
A variety of bulk modifications are supported. You can enable, disable, and unlock the selected accounts. It is also possible to bulk modify attributes of all selected users and edit individual users in the table. Moving all users to a particular Active Directory container is possible as well.
Bulk modify user attributes
A nice feature of the free tool is that you can easily undo all your changes. Bulk Password Control automatically stores a log file of all its actions. To undo a bulk modification, you only have to select the corresponding log file and then click “Rollback.”
Undo bulk AD changes
The installation also contains a simple password reset tool that allows you to manually change the password of a particular user. You will probably be faster with this tiny tool than with ADUC.
Of course, Bulk Password Control also has its limitations. Say you have to create a large number of user objects according to certain rules, or you want to remove the home folder of users after you disabled them. However, more powerful Active Directory management tools exist that allow you to automate (almost) any Active Directory task. ManageEngine ADManager Plus and Softerra Adaxes are examples of good AD management tools.