oreilly.comSafari Books Online.Conferences.


AddThis Social Bookmark Button O'Reilly Book Excerpts: Active Directory Cookbook

Cooking with Active Directory, Part 2

Related Reading

Active Directory Cookbook
By Robbie Allen

Editor's note: In the previous batch of recipes we presented from Active Directory Cookbook we covered how to find the domain controllers that are acting as one of the FSMO roles, and how to determine the last time a user logged into a domain. This week we offer a recipe from Chapter 6 ("Users") on modifying an attribute for several users at once, and another from Chapter 7 ("Groups") on viewing the nested members of a group.

Recipe 6.4: Modifying an Attribute for Several Users at Once


You want to modify an attribute for several users at once.


Using a graphical user interface

TIP:   This requires the Windows Server 2003 version of the Active Directory Users and Computers snap-in.

  1. Open the Active Directory Users and Computers (ADUC) snap-in.
  2. If you need to change domains, right-click on "Active Directory Users and Computers" in the left pane, select Connect to Domain, enter the domain name, and click OK.
  3. In the left pane, browse to the parent container of the objects you want to modify.
  4. In the right pane, highlight each object you want to modify, right-click and select Properties.
  5. Check the box beside the attribute(s) you want to modify and edit the fields for the attributes.
  6. Click OK.

Using a command-line interface

The following command sets the home directory of all users under a parent container (<ParentDN>) to be on a particular file server (<FileServer>). The user (i.e., $username$) is automatically replaced with the sAMAccountName for the user.

> for /F "usebackq delims=""" %i in (`dsquery user "<ParentDN>" -limit 0 
-scope onelevel`) do dsmod user -hmdir "\\<FileServerName>\$username$" %i

Using VBScript

' This code sets the home drive of all users under a container
' to be on a file server where the share name is the same as the user's
' sAMAccountName.
set objParent = GetObject("LDAP://<ParentDN>")
objParent.Filter = Array("user")
for each objUser in objParent
    Wscript.Echo "Modifying " & objUser.Get("sAMAccountName")
    objUser.HomeDirectory = "\\<FileServerName>\" & _


It is often necessary to update several users at once due to an organizational, locational or file server change. In each solution, I showed how to modify all users within a parent container, but you may need to use different criteria for locating the users.

With ADUC, you are limited to modifying multiple users that belong to the same container. You can, however, create a Saved Query with the Windows Server 2003 version of ADUC that returns users based on any criteria you specify. You can then highlight those users and modify them as described in the GUI solution.

With the CLI solution, you can modify the dsquery user command to search on whatever criteria you want. The same applies in the VBScript solution, but you'll need to use an ADO query instead of the Filter method if you want to do anything more complex. See Recipe for more information on searching with ADO.

Pages: 1, 2

Next Pagearrow