|Last updated 27th November 2018
AD Bulk Users is a simple to use yet powerful application that allows you to import or update
In the steps below connect to Active Directory and specify the location the new users will be created.
Connecting to Active Directory
AD Bulk Users reads the users to import or update from a data source such as an Excel spread sheet or SQL Table, you don’t manually enter usernames into the program.
The data source can be a CSV file, Text file; Excel (XLS and XLSX) spreadsheet or a Microsoft SQL, MySQL or Oracle
The import file can be formatted using the CSV (comma separated value) format or semicolon separated format allowing easy preparation using a spreadsheet program such as Excel.
You can import any of the attributes found below and place them in the import file in any order. As shown in the example below, row 1 contains the column header, this is the attribute name you wish to import such as givenName (first name). The attribute names can be placed in any order, you don’t need to use all the attributes names, simply add the attributes you require. The column header (sAMAccountName,givenName,sn) tells the program what to expect in the rows beneath. Using a spreadsheet allows you to construct the file quickly or import your user data
Below is an example file that will create 9 new users, the columns shown are the minimum required to create a new user. You can add additional columns such as description, telephoneNumber, mail etc.
AD Bulk Users can be used to modify existing Active Directory Users. To update existing users add a column to your CSV/Excel or table named Modify and set the value to TRUE. Alternatively, you can check the highlighted checkbox below when opening your file.
Below is an example Excel file that will update the description, telephoneNumber and company attributes for each user in the file. The file can be saved to CSV, XLS or XLSX format. AD Bulk Users will search for the user in Active Directory using the sAMAccountName value, the Modify column tells the program we are updating existing users, the remaining columns are those to be updated. If the check box above has been checked the Modify column is not needed.
Example file that will update 3 existing users:
Example file that will update add 3 existing users to two groups:
Example file that will change the password for 3 existing users:
To open the file containing your users click Open File in the ribbon, you will then see the Open File dialog box below. Click the three dots … in the File text box to browse for your CSV, Text or Excel file. If your file contains users that already exist in Active Directory (i.e. you are not creating new users) then check ‘Set Modify to true’, this tells the program we are updating existing users. When you click OK the program will read your file and display the contents in the data grid.
If your CSV or Text file is semi-colon or tab separated, then you will need to change the Delimiter from the default Comma.
If your file contains characters that are not in the English alphabet you may need to change the Encoding option so it matches the encoding of your file.
If you want to use a database as your data source, simply click on ‘Open Database’ button in the main ribbon and then select your Database Server from the drop down menu, Microsoft SQL, MySQL and Oracle are supported.
After you have chosen your database server enter the connection string in the large text box followed by the Table Name. Click the ‘Test Connection’ button to check your connection string works. When you click OK the program will attempt to read from the database.
The column names in your table need to match those used by the program (See list of attributes/column names), you can map the table column to the one expected by AD Bulk Users via the Settings tab and Attributes, in the example below the database table has a column named is EmployeeFirstName, we want this value to be inserted into the givenName attribute in Active Directory. So that AD Bulk Users can read the column we need to change edit the givenName column and change the Name value to EmployeeFirstName. So long as the LDAP Property doesn’t change the program will read from EmployeeFirstName and correctly add the value to the givenName attribute. You can do this for all columns that need mapping.
Below are some example connection strings to connect to MS SQL, MySQL and Oracle servers.
When you open a file or connect to a database the program will display each user found in the main grid, each row represents one user. The column headers contain the attributes that will be created/updated. To preview of how the user will look when created in Active Directory, double click a row to bring up the preview window (shown below), click the ‘Previous’ and ‘Next’ buttons to step through each user.
When you have opened the file containing your users or connected to the database the program will load the users so they are visible in the main window, before we import the users we need to validate the file so the data is imported into Active Directory correctly. To validate the users click the Validate button in the ribbon. The program checks for common problems such as the password meeting the domain password policy. If the validation fails you will see a message showing which user(s) have a problem and the cause, a common problem would be two or more users with the same username. If the validation passes then the Start button will be enabled allowing you Start the import/update.
Click the Start button in the ribbon to start the import/update, the program will automatically switch to the Log tab showing a progress of the import. You can stop the import at any time by clicking the Stop button, the program will finish creating a user and stop before it starts creating or updating the next user, it will not stop in the middle of creating/updating a user.
The speed you can create new users will depend on how many columns you have in your file or table and the speed of your server and network. Creating the home folder, Exchange mailbox and running PowerShell scripts will increase the time needed to create a user. You can expect to create approximately 4 users a second, 240 users in 1 minute (without mailbox or home folders). 15,000 new users will take approximately 1 hour. When testing we regularly import 100,000 new users which takes approximately 6 hours.
When the import starts the program will switch to the Log tab and show the progress of the import, any errors will be displayed in red in the Status column. Hover your mouse over the error to see more details. The log can be exported to CSV, Excel and PDF. You can filter row to search for users or errors.
Version 5 of AD Bulk Users has a built-in scheduler which means you can schedule imports and
Creating a new schedule
To create a new scheduled import or update click the icon highlighted below, this will start the schedule wizard.
Below is a walkthrough of the Schedule Wizard.
1. Enter a name for the schedule (e.g. Import from HR).
2. Select the frequency you want the schedule to run.
3. Select when you want the schedule to run.
4. Specify credentials used for connecting to the domain.
5. Select the source of the data.
6. If you chose a file in the previous step then you will see the screen below, select the file to be imported, encoding and delimiter.
If you chose database in the previous step then you will see the screen below, select the data source, username and password for the connection and a table name.
7. On the step below you can specify options for the import. Each schedule you create can have different options.
8. On the step below you can choose to have a home folder or profile folder created.
9. If you are creating users with an Exchange mailbox you will need to specify the Exchange server version and mailbox database to use.
10. The log produced during when the schedule is running can be saved to a specified location. If the schedule is reoccurring, then check ‘Append timestamp to log file name’ to avoid overwriting the log file.
11. The final step is to review the schedule summary.
Edit a schedule
To edit an existing schedule, highlight the schedule then click the icon shown below.
Delete a schedule
To delete an existing schedule, highlight the schedule then click icon shown below.
Settings affect all imports; Options only affect your current import. When using the built-in scheduler you will be able to set Options for each schedule.
Review the options before each import as you may have different requirements and depending on what you are doing. For example if you wanted to update the telephone numbers for all of your users Active Directory may contain a phone number for the user but your source does not, to avoid overwriting the phone number that exists in Active Directory with an empty value check the option ‘Do not modify attributes with empty values’.
Below is a screen shot of the main Options tab. Each option is covered individually below.
The first option on the Options tab is the ID Column, the attribute set here is used to locate users in Active Directory. The ID Column needs to be a unique value in the domain such as sAMAccountName, userPrincipalName, employeeNumber, employeeID or mail (email address).
The default is sAMAccountName (user name) as this is mandatory and unique in the domain. Other attributes such as userPrincipalName, employeeID etc are optional and not guaranteed to be unique.
Choosing the option “Create new and update existing users” will make the application automatically detect the action (create a new user or update an existing user) based on whether the user already exists in Active Directory. The sub-options determine whether a mailbox or home folders/profile paths should be created when using this option. If a user does already exist you may not want the program to attempt to recreate the mailbox or recreate the home folder.
The validation tab contains checks the program will perform before allowing the import to go ahead. For example to compare the passwords in the import source with the domain password policy. When validating the data source if the password does not meet the domain password policy then validation will fail.
The User Creation section contains several options; each is covered individually below.
Create new users enabled
This option will set the userAccountControl attribute so the user account is created enabled rather than disabled, this is check by default.
Increment “sAMAccountName” if another user exists with the same value
When importing new users it is possible the username (sAMAccountName) is already in use in the domain, when this option is checked the program will search the domain for a user with the same sAMAccountName value. If a user with the same username (sAMAccountName) exists the program will append a number to the username so the user account can be created. The program will continue to increment the sAMAccountName value as required, “jsmith1”, “jsmith2”, “jsmith3” etc.
When this option is unchecked the program will not search the domain to see if the username is in use. The user will fail to be created if a user with the same sAMAccountName value is already exists.
Increment “cn” if another user exists with the same value
The cn value needs to be unique within the Organizational Unit (OU) where it will be created, when this option is checked the program will search the OU for a user with the same cn value, if the cn value is in use the program will append a number to the value so the account can be successfully created.
If it is unchecked the program will not search the OU to see if the username is in use. The user will fail to be created if the cn value is already in use.
If there is no cn column in your file (or data source) then the program will use the givenName (first name) and sn (last name) values to construct the cn value. The cn value is used to construct the distinguishedName which is unique in the domain.
Increment “userPrincipalName” if another user exists with the same value
As with the sAMAccountName the userPrincipalName needs to be unique within the domain.
When this option is checked the program will append a number to the userPrincipalName so the account can be created. When this option is unchecked the user will fail to be created if the userPrincipalName is already in use.
When a user is being created AD Bulk Users can create the users home folder and apply the correct permissions to the folder.
Option 1 using the GUI
Under Options in the main ribbon you will fund the Home Folder options, here you can set the drive to be mapped and the path to the home folder. The wildcard %username% is used in the example below, each user being created would have their folder created in the same location.
Option 2 using your data source
If you want to create home folders in multiple locations, then don’t use this option 1 above instead you can use the homeFolder column in your file/table. In the example below the home folder path and drive are separated by a semi-colon, the createHomeDirectory column will tell the program to create the home folder when the value is set to TRUE.
Modifying the home folder/drive for existing users
Should you not want to create the home folder but instead update the users existing path to their home folder or change the drive letter you can do this using the homeDrive and homeDirectory columns. Below is an example:
AD Bulk Users can create Exchange mailboxes or mail-enable users, this can be done for new users or existing users.
• Requires Exchange Management Tools and PowerShell 3.0 installed on the computer
Before a mailbox can be created the program needs to know what version of Exchange server you have and which mailbox database should be used.
You can set the Exchange server version and select which database to use on the Exchange tab.
Note: For Exchange 2010 and later specify to run the PowerShell script remotely.
Before the program can create an Office 365 mailbox or assign an Office 365 license you will need to enter credentials to connect to Office 365, select the Country Code and your Tenant Name.
To create a user with an Office 365 mailbox use the column header O365Mailbox with a value of True, to assign a user an Office 365 license use the column header O365License.
Due to sync delays it may not be possible to create a user and immediately create the Office 365 mailbox as your local domain may not have synced with Office 365. You can however create the users first and then use the program to modify the now existing users. Below is an example CSV file that will create modify/update an existing user and create the Office 365 mailbox and assign the user a license.
Below is a screen shot of the Settings tab, each setting is covered individually below.
The attributes (columns headers in your file/database) that AD Bulk Users recognizes can all be found under the Attribute setting. If you have added custom attributes to Active Directory and want to be able to populate them using AD Bulk Users you can do that here. The list attributes/columns can also serve as a reference when creating your import file/database table.
To speed up the creation of your import file/table you can use wildcards to read the value from another column.
The following wildcards can be used throughout your CSV file or SQL table:
To create a new wildcard click the ‘Add’ button, in the Wildcard dialogue box enter a wildcard name such as employeeID and then select a column that the wildcard will read. You can use a Regular Expression if you want to manipulate the value.
Below is an example import file that uses the wildcards %username% which reads the value from the sAMAccountName column, %givenName% and %sn% which read the values from the givenName and sn columns.
Adding a user to a group(s)
To add a user to a group(s) add a column named memberOf to your file or database, the value should be the distingusihedName of the group (E.g. CN=Sales,OU=Groups,DC=Domain,DC=Com). By default users are added to the group and not removed from the group, if you want to reverse how the memberOf column works you can by
Adding a user to multiple groups
To add a user to multiple groups simply separate the distingusihedName of each group with a semi-colon as shown in the example below. The example below would create a new user and add the user to two groups.
Add a user to a group(s) using friendly names
You can add a user to a group using a friendly name such as Group1 or Students2020 etc, to use friendly names you need to create a mapping between the friendly name and the distingusihedName of the group. To do this click on the Groups button in the Settings ribbon, you will then see the dialog box below, click Add to create a new friendly name to group mapping or Auto Populate and the program will automatically import the groups and assign a friendly name.
AddToGroup and RemoveFromGroup
When you have created a friendly name to group mapping you can use the column AddToGroup to add a user to a group(s). The example file below will create a new and add the user to three groups.
If you are modifying existing users you can use both columns in the same file/table to add users to groups and remove, in the example below separate.
If you want to remove a user from all the groups it is a memberOf and you can add a column to your file/table named RemoveFromAllGroups and set the value to TRUE. In the example import file below the two existing users will be removed from all the groups they are members of.
You can run PowerShell scripts after a user is created, modified or deleted. To add a PowerShell script click the PowerShell Scripts button in the ribbon. You will then see the window below, click Add to add a new script.
To execute a script against a user, add a column named “PSScripts” to your file/table and enter the Script Name as the column value. To run multiple scripts separate each Script Name with a semi-colon. The script can contain wildcards. If an error occurs during script execution, the error will be shown in the log.
To run scripts locally on the PC/server running AD Bulk Users you will need PowerShell 2.0 or later installed. To run scripts remotely click on the Advanced tab (shown below) to specify where the script should be run.
For the remote scripts to work, you need to have the Windows Remote Management service running on the client and remote machine. If you can’t find the service, you should install it from the Add/Remove Windows Features in the control panel. To set the default configuration for the service, run the following command on the client and remote server:
To change the language used by AD Bulk Users click Global Settings on the Settings ribbon, the default language is English (United States). The program will need to restart for the changes to take effect.
The manager attribute
You can populate the manager attribute using the managers sAMAccountName (username) or the manager distinguishedName value.
Behind the scenes in Active Directory the manager attribute contains the distinguishedName of the manager, so using the sAMAccountName maybe a little slower as the program uses the sAMAccountName to lookup the distinguishedName of the manager.
Example using the manager’s username:
Example using the manager’s distinguishedName:
How do I update the sAMAccountName?
By default, the sAMAcountName (username) is used to locate the user in Active Directory and when updating existing AD users. To update the sAMAccountName we need to change the attribute we use as the ID Column, changing the ID Column to another unique attribute such as userPrincipalName or mail allows us to update the sAMAccountName. Below is an example CSV/Excel file.
Change the ID Column by clicking Options on the Main ribbon.
Renaming a user
To update most attributes with AD Bulk Users you simply add the sAMAccountName (username of the user to be updated) followed by a Modify column with the value set to TRUE (as we are updating a user not creating a new one) followed by the attributes that you want to update.
To update a user’s name that, you see in Active Directory Users and Computers you need to update the ‘cn’ attribute.
The example below would update the cn and userPrincipalName.
You can use wildcards such as %username% in the Rename column if needed for example in the userPrincipalName value you can use %firstname.lastname@example.org which will read the value from the sAMAccountName column.
Logging can be enabled to troubleshoot problems. Enable logging via the Settings tab and then Global Settings.
The scheduler built-in to AD Bulk Users contains a wizard that will help you automate the import and updating of users, however if you do need to use a command line you can use ADBulkUsersCLI.exe. You can find the syntax and command line examples for ADBulkUsersCLI.exe below.
Command line shortcut
There are a lot of arguments so a quick shortcut is to create a scheduled job in using the built-in scheduler wizard in the GUI and set it to run once. Then you can use the command line argument /schedule:NameOfSchedule which will save working out all the complex command line arguments. It is the only argument you need as it will run the schedule on demand.
AD Bulk Users Command Line Syntax
/? /HELP – Displays command-line help
/LANG – Changes the application language (e.g. /lang:de)
/LOG – Enables application logging
/SOURCE – Determines the type of the data source. Values: FILE, DB
If not specified by default FILE is assumed.
/SETMODIFYTRUE – Indicates whether to set Modify to true, Default: False
File Source Options:
/FILEPATH – The path of the source file
CSV File Source Options:
/DELIMITER – The CSV delimiter character
/QUOTE – The CSV quote character
/ESCAPE – The CSV escape character
/COMMENT – The CSV comment character
/CODEPAGE – The CSV file code page number
Database Source Options:
/ODBCSOURCE – The ODBC data source name
/DOMAIN – The domain name (Required)
/IDCOLUMN – The ID column name (Required)
/AUTODETECTUSERACTION – Auto detects the action (Create/Modify)
/VALIDATEPASSWORDSAGAINSTPOLICY – Validates the passwords against the password policy
User Creation Options:
/CREATENEWUSERSENABLED – Creates new users enabled
User Modification Options:
/IGNOREEMPTYVALUES Ignores columns with empty values
User Deletion Options:
/NEVERDELETEUSERS – Never deletes users
/CREATEGROUPSTHATDONOTEXIST – Creates groups that do not exist
Home Folders Options
/ALWAYSCREATEHOMEFOLDER – Always creates the home folders
Terminal Services Home Folders Options:
/ALWAYSCREATETSHOMEFOLDER – Always creates the TS home folders
Profile Path Options:
/ALWAYSCREATEPROFILEPATH Always creates the profile path folder
Terminal Services Profile Path Options:
/ALWAYSCREATETSPROFILEPATH – Always creates the TS profile path folder
/EXCHANGEVERSION – The Exchange version (AutoDetect, V2003,V2007 or V2010)
Exchange Remote Runspace Properties:
/RMCOMPUTERNAME – The remote machine name
Log File Options:
/SAVELOGFILE – Indicates whether to save the log file
Command Line Example:
The following example imports the users from a CSV file and saves the log file:
ADBulkUsersCLI /filepath:”c:\users.csv” /domain:testdomain.com /dc:DC01.testdoma
Command Line Simplified
You can use the built-in scheduler to create the import as you need it and set it to run once.
Then from the command line you can use:
If you require assistance you can contact us via our support form.