ADModify.net is an excellent tool for Exchange and Network administrators allowing bulk modifications of Active Directory objects. The tool was designed by the Exchange Support Services team using C# .Net 2003. Essentially, you can use it to change any Active Directory attribute of an object or select multiple objects to make attribute changes in bulk. Even those attributes not available in the Graphical User Interface (GUI) can be specified by Name and Value making ADModify.NET a truly essential tool for administrators.
This tool has saved my life on more than one occasion when I used it, with great success, to recover from a hardware failure on Exchange server.
ADModify.NET has many uses. However, for the purposes of this article, we will cover the following topics:
Download this tool for free from the project workspace:
Please note: ADModify.NET requires the .NET Framework v 1.1. Also, you cannot run ADModify.NET across a network drive.
Once you have downloaded the file, extract the files and double click ADModify.exe. This doesn’t install anything and simply opens the ADModify.NET application.
Figure 1: ADModify.Net startup screen
We’ll start by having a quick look at the range of attributes that can be altered.
Click Modify Attributes. This opens the following form:
Figure 2: Modifying Attributes
Select the appropriate domain from the Domain List and select the Domain Controller (DC) you wish to use. Click the green arrow and this displays your domain very similar to Active Directory Users and Computers. Expand the Domain Tree List.
You have the option to only show the types of objects you wish. If you un-tick Show Containers Only, you can drill down to individual users inside the relevant OU. You will need to click the green arrow to re-query the Domain Tree List.
Select the users that you wish to modify and click Add to List. When you have added all the users you need, select the users in the right-hand pane and click Next. This takes you to the following form:
Figure 3: ADModify.NET properties
I would suggest that you take a good look around the various properties tabs. They should seem very familiar as this is similar to the Active Directory Properties Dialog Box. If you have a test domain, experiment with changing attributes for a few different users.
I recently experienced the death of a power supply on an Exchange 2003 server, which set the clock ticking straight away. So to get users quickly sending and receiving email, I used ADModify.net to change the users' mailbox location from the dead server to a spare Exchange Server. After recovering the hardware, I moved the users' mailboxes back to the original server, again using ADModify.NET.
This example assumes you have two Exchange 2003 servers installed on your Windows Domain with Public Folders synchronized between the two servers.
Figure 4: Example network
Start ADModify.NET and click Modify Attributes. Select the appropriate domain from the Domain List and select the Domain Controller (DC) you wish to use. Click the green arrow. Expand the Domain Tree List.
Select the Organizational Unit (OU) or users that you wish to modify and click Add to List. When you have added all the users you need, select the users in the right-hand pane and click Next.
To change the mailbox location, hit the Exchange General tab and Click Set homeMTA. Select Exchange02 from the drop down list of homeMTA and Click Go!
Figure 5: ADModify.NET. Modifying Exchange General Attributes
Re-launch ADModify.NET and repeat the process back to the Exchange General tab. Click Set homeMDB, then select Exchange02 from the drop down list of homeMDB and Click Go! This moves the mailboxes from the faulty server (Exchange01) to the spare server (Exchange02).
TIP: I would recommend moving the mailboxes in two stages like this, as I have had mixed results when selecting multiple users and trying to apply these bulk changes to both the homeMTA and homeMDB attributes at the same time.
Depending on how your network and firewall are configured, you will probably need to move the Public IP Address from the faulty server onto your spare server to allow mail to flow into your Exchange Organisation. You will then find that users can send and receive email as normal.
Force Active Directory replication to each DC and send a test email to a mailbox to test the transfer. This will buy you valuable time to fix the faulty server and re-commission.
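Because the change is made in two stages, it is worth confirming that every user ended up with homeMTA and homeMDB pointing at the same server. The following check is an added example, not part of ADModify.NET or the original article; it assumes the usual Exchange 2003 DN layout (server name immediately before `CN=Servers`), and the organisation name, domain and sample users are constructed.

```powershell
# Added example: flag users whose homeMTA and homeMDB disagree after a bulk change.
# Assumption: the server name is the DN component immediately before "CN=Servers".
function Get-ServerFromDn {
    param([string]$Dn)
    if ($Dn -match 'CN=([^,]+),CN=Servers,') { return $Matches[1] }
    return $null   # attribute empty or not in the expected layout
}

function Test-MailboxHome {
    param(
        [Parameter(Mandatory)] $User,              # object with Name, homeMTA, homeMDB
        [Parameter(Mandatory)] [string]$Expected   # server the users should now be on
    )
    $mta = Get-ServerFromDn $User.homeMTA
    $mdb = Get-ServerFromDn $User.homeMDB
    if (-not $mta -or -not $mdb) { $status = 'Unparsed' }
    elseif ($mta -ne $mdb)       { $status = 'Mismatch' }   # only one stage applied
    elseif ($mta -ne $Expected)  { $status = 'NotMoved' }   # neither stage applied
    else                         { $status = 'OK' }
    [pscustomobject]@{ Name = $User.Name; homeMTA = $mta; homeMDB = $mdb; Status = $status }
}

# Constructed sample data (organisation "ExampleOrg" and domain example.local are made up).
$suffix = 'CN=Servers,CN=First Administrative Group,CN=Administrative Groups,' +
          'CN=ExampleOrg,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=example,DC=local'
$mta01 = "CN=Microsoft MTA,CN=EXCHANGE01,$suffix"
$mta02 = "CN=Microsoft MTA,CN=EXCHANGE02,$suffix"
$mdb01 = "CN=Mailbox Store (EXCHANGE01),CN=First Storage Group,CN=InformationStore,CN=EXCHANGE01,$suffix"
$mdb02 = "CN=Mailbox Store (EXCHANGE02),CN=First Storage Group,CN=InformationStore,CN=EXCHANGE02,$suffix"

$users = @(
    [pscustomobject]@{ Name = 'Asif'; homeMTA = $mta02; homeMDB = $mdb02 }   # both stages applied
    [pscustomobject]@{ Name = 'Sue';  homeMTA = $mta02; homeMDB = $mdb01 }   # homeMDB stage missed
    [pscustomobject]@{ Name = 'Bob';  homeMTA = $mta01; homeMDB = $mdb01 }   # not moved at all
)

# Against a live domain, replace $users with objects that carry the same two
# attributes, e.g. from Get-ADUser -Properties homeMTA,homeMDB (ActiveDirectory module).
$users | ForEach-Object { Test-MailboxHome -User $_ -Expected 'Exchange02' } |
    Format-Table -AutoSize
```

Any row reported as Mismatch or NotMoved should be corrected before you test mail flow.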
Once you have fixed the faulty server, to transfer the mailboxes back to the original server simply reverse the process:
Start ADModify.NET and click Modify Attributes. To change the mailbox location, hit the Exchange General tab and Click Set homeMTA. Select Exchange01 from the drop down list of homeMTA and Click Go!
Re-launch ADModify.NET and repeat the process back to the Exchange General tab. Click Set homeMDB, then select Exchange01 from the drop down list of homeMDB and Click Go!
Force Active Directory replication to each DC and send a test email to a mailbox to test the transfer.
When you change a user's mailbox location like this, you are in fact not literally moving their mailbox. Their original mailbox containing all their mail, calendar and contacts etc remains where it is. A new mailbox for the user is simply created in the new location. So when you transfer the mailbox back to the original server, you will need to merge both mailboxes to ensure users have a complete copy of their mailbox data. Follow this tutorial by Henrik Walther to do that.
A great part of this tool is the ability to undo your actions. With the exception of the Remove Exchange Attributes and Import Mailbox Rights options, every modification can be undone.
Whenever you make changes to attributes, these changes are logged in an XML file named after the current date and time (MMDDYYYYHHMMSS.xml), which can be used to roll back the changes.
To undo an action, launch ADModify.NET. Click Undo Changes.
Figure 6: Undo Changes Dialog Box
Click Browse to select the appropriate xml file to roll back the relevant changes. Click Undo. The changes will have been rolled back.
The changes are also saved in the file undo.log. This file contains details of all users processed by Undo, and logs skipped users, the reason for a user being skipped, and a summary of the changes.
It is possible to add a user with specific rights to multiple mailboxes at the same time. In our example network domain, we want to give Bob Full Access rights to the mailboxes of Asif and Sue. Start ADModify.NET and Click Modify Attributes.
Select the appropriate domain from the Domain List and select the Domain Controller (DC) you wish to use. Un-tick Show Containers Only.
Click the green arrow and this displays your domain very similar to Active Directory Users and Computers. Expand the Domain Tree List.
Drill down to the individual users inside the relevant OU. Select the users Asif and Sue and click Add to List. Click Select All and click Next.
Figure 7: Mailbox Rights Attributes
Click the Mailbox Rights Tab. Tick the Add User to Mailbox Rights box. Enter the user name in the DOMAIN\username format and tick Full Mailbox Access. Then click Go!
There are various options that can be set here, including the ability to Bulk Remove a User from Mailbox rights. This is the same as the Bulk Add option except this option will remove the specified user from mailbox rights. Undo for these operations is supported.
This article has scratched the surface of what the ADModify.NET tool can do. It makes bulk modifications to all Active Directory objects a cinch and can quickly help to recover from disaster and get users sending and receiving email in no time.
The latest release has an excellent undo feature which means that Network Administrators can be confident in the knowledge that any bulk modifications can also be rolled back. ADModify.NET should simply be part of every Exchange administrator’s toolbox.