There is an element of risk associated with performing bulk updates to your Active Directory database and you should be aware of the risks before starting the bulk update process. These risks should be considered whichever tool you decide to perform the bulk update and Bulk AD Users is no exception. After careful planning and testing the update process is likely to go very smoothly and in the unlikely event of failure, you will be prepared and have a plan in place to fix the problem.
There are a number of things to consider before performing bulk updates to the Active Directory Database:
- What impact will the update have on my users?
Certain attributes in Active Directory will have an impact on end users when they are changed. For example, changing the username format from {initial}{surname} to {firstname}.{surname} will prevent your users from logging in, unless you communicate the change before updating the attribute in Active Directory. - What impact will the update have on the performance of my network/servers?
The additional load to the servers and network should be considered, particulary if you have a large network distributed over a slow WAN infrastructure. Additional caution should be applied when updating a very large number of user accounts or if you are updating attributes that are likely to cause a lot of replication traffic (e.g. photos). - What if something goes wrong with the update?
I’d advise performing a backup of the directory before the update and be familiar with restore techniques so that you know what to do in case of failure. Bulk AD Users produces an XML log file that can be used to rollback unwanted updates, an additional safety net that you might not get with other tools. You should also consider testing the update in a lab environment and/or applying the update to a small batch of user accounts to begin with.
Checklist
- Consider impact on end users
- Consider impact on server/network performance.
- Plan an appropriate time to perform the update. (e.g. out of hours)
- Test the update in a lab environment.
- Have a recovery strategy in case of failure.
- Ensure you are familiar with backup/restore techniques, including authoritative restores.
- Perform a backup of your Active Directory database before the update.
- Test the update on a small batch of user accounts
Recovery Strategy
Your recovery strategy should always include having a backup of your Active Directory in place should the need arise for an authoritative restore. Bulk AD Users offers an additional level of protection by producing an XML log file that can be used to rollback unwanted updates. Rolling back the update using the XML log file is quicker and easier than performing an authoritative restore. It’s always advisable to have a backup of your active directory database in addition to the protection provided by the XML log file.
Please be aware that if the update process is interrupted (power failure etc), the XML log file might be incomplete. It could still be possible to undo the changes using the XML log file by editing the file in notepad and adding the closing XML tags. There might be other unanticipated issues that prevent you from been able to use the log file, so always include a backup of your Active Directory database as part of your recovery strategy.