The name of the free tool Bulk Password Control is perhaps a bit misleading because the free tool enables you to automate all kinds of bulk modifications on Active Directory user objects with a fast to use GUI.
Latest posts by Michael Pietroforte (see all)

You know this popular picture of the GUI admin who clicks all day to reset user passwords after a security breach. Bulk Password Control is a nice example that proves that such tasks can be quickly done with a GUI tool without much click-click.

Bulk Password Control

Bulk Password Control

The first task in any automation job is to determine the objects that have to be manipulated. Bulk Password Control offers several options here. You can provide a list of users, select an Active Directory container, specify an Active Directory user group, or enter an LDAP query.

The tool comes with a few common queries, such as “account has expired,” “user never logged on,” or “user must change password at next logon.” The custom LDAP filter allows you to select any imaginable set of user objects. Bulk Password Control will then display a table of all user objects that match the query, so you can verify that you will manipulate the correct objects.

The next step is to configure the bulk modifications you want to perform on the user objects. Likely, the most common task is to reset passwords. Bulk Password Control can automatically generate a unique password for every user. The Password Generation Options let you specify the complexity that Bulk Password Control will use to create the passwords.

Bulk Password Control - Password complexity

Password complexity

After the bulk password reset, the tool will display the new password for each user in the table. Bulk Password Control  also allows you to export the table to a CSV file as a tab-separated text file. Alternatively, you can set the same password for all users, an option that is questionable with regard to security. In addition, you can configure the tool to force users to change their password at logon.

Bulk Password Control - Changed password

Changed passwords

A variety of bulk modifications are supported. You can enable, disable, and unlock the selected accounts. It is also possible to bulk modify attributes of all selected users and edit individual users in the table. Moving all users to a particular Active Directory container is possible as well.

Bulk modify user attributes

Bulk modify user attributes

A nice feature of the free tool is that you can easily undo all your changes. Bulk Password Control automatically stores a log file of all its actions. To undo a bulk modification, you only have to select the corresponding log file and then click “Rollback.”

Undo bulk changes

Undo bulk AD changes

The installation also contains a simple password reset tool that allows you to manually change the password of a particular user. You will probably be faster with this tiny tool than with ADUC.

Password Control

Password Control

Of course, Bulk Password Control also has its limitations. Say you have to create a large number of user objects according to certain rules, or you want to remove the home folder of users after you disabled them. However, more powerful Active Directory management tools exist that allow you to automate (almost) any Active Directory task. ManageEngine ADManager Plus and Softerra Adaxes are examples of good AD management tools.


Leave a reply

Please enclose code in pre tags

Your email address will not be published. Required fields are marked *


© 4sysops 2006 - 2021


Please ask IT administration questions in the forums. Any other messages are welcome.


Log in with your credentials


Forgot your details?

Create Account