Changing password based on Change password at next logon flag
- From: "Sean M. Loftus" <sean(remove me)@loftus.org>
- Date: Fri, 13 May 2005 16:32:33 -0400
I'm trying to use the script below to change the password for every account
in an OU based on whether the change password flag is still enabled or not.
When I use the WinNT method it works up until "PWD =
objUserName.get("extensionattribute2")" and then says the property is not in
the cache. I tried doing the same with LDAP and connecting to the
distinguishedName attribute (which works fine), but it won't recognize the
"PwdLastSet" from
LDAP the same way. I suppose I could do an export and use the file to
populate the password back, but what fun would that be...
Anyone see an easier way to do this?
Thanks,
--------------------------------------------
Rem Sean M. Loftus May 5, 2005
Rem Changes the password of all users in a given OU with the change
Rem password at next logon flag still set to the format of UMS and
Rem the users EMPLID taken from extensionattribute2.
Rem Usage = cscript myvbscript.vbs "OU=My Ou, DC=My Domain, DC=com"
Rem OU must be enclosed in quotes if it contains spaces in the name
Dim strTargetOU
Dim objUserName
Dim User
Dim PasswordExpired

ParseCommandLine()
wscript.echo "The target OU is, " & strTargetOU
wscript.echo
wscript.echo "Querying Change password Flag of Users in " & strTargetOU

Set oTargetOU = GetObject("LDAP://" & strTargetOU)
oTargetOU.Filter = Array("user")

For each usr in oTargetOU
    If instr(usr.SamAccountName, "$") = 0 Then
        vCN = usr.get("samaccountname")
        Set objUserName = GetObject("WinNT://STUDENT/" & vCN & ",user")
        'Querying the User Must Change Password at Next Logon Status Flag
        PasswordExpired = objUserName.Get("PasswordExpired")
        If PasswordExpired = 1 Then
            wscript.echo "The user account is configured so that the password must be changed at next logon."
            wscript.echo "Resetting password to UMS plus extensionattribute2 value from this account."
            'Set the Users password
            PWD = objUserName.get("extensionattribute2")
            objUserName.SetPassword PWD 'Password
            'Enable must change password @ logon flag on = 0, off = 1 if already set to on
            'objUserName.Put "pwdLastSet", 0 'Uncomment if passwords are required to be changed at logon
            '...and update the DS
            objUserName.SetInfo
            Set vCN = Nothing
            Set PwdLastSet = Nothing
            Set PasswordExpired = Nothing
            Set objUserName = Nothing
        Else
            wscript.echo "The user will NOT be required to change the account password on next logon."
            Set vCN = Nothing
            Set PasswordExpired = Nothing
            Set PWD = Nothing
            Set objUserName = Nothing
        End If
    Else
        wscript.echo "SamAccountName not equal to Zero"
    End If
Next

Sub ParseCommandLine()
    Dim vArgs
    Set vArgs = WScript.Arguments
    If vArgs.Count <> 1 Then
        DisplayUsage()
    Else
        strTargetOU = vArgs(0)
    End If
End Sub

Sub DisplayUsage()
    WScript.Echo
    WScript.Echo "Usage: cscript.exe " & WScript.ScriptName & " <Target OU to change users UPN in>"
    WScript.Echo "Example: cscript " & WScript.ScriptName & " " & chr(34) & "OU=MyOU,DC=MyDomain,DC=com" & chr(34)
    WScript.Quit(0)
End Sub
---------------------------------------------------------
--
Sean M. Loftus
Enterprise Architect
Loftus Consulting, Inc.
www.LoftusConsulting.com
sean(removeme)@loftus.org
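
Added example, not part of the original post or the poster's code: the WinNT provider exposes only a fixed set of account properties and not Active Directory attributes such as extensionAttribute2, while the LDAP provider returns pwdLastSet as a 64-bit IADsLargeInteger rather than a plain number. This read-only sketch stays on the LDAP-bound object for both lookups; the helper names MustChangeAtNextLogon and GetOptional are hypothetical, and it assumes a domain-joined host with read access to the OU.

```vbscript
Option Explicit
' Added example: report users in an OU that still have "must change password at next logon" set.
Dim oTargetOU, usr, empId

If WScript.Arguments.Count <> 1 Then
    WScript.Echo "Usage: cscript " & WScript.ScriptName & " ""OU=MyOU,DC=MyDomain,DC=com"""
    WScript.Quit 1
End If

Set oTargetOU = GetObject("LDAP://" & WScript.Arguments(0))
oTargetOU.Filter = Array("user")

For Each usr In oTargetOU
    ' Computer accounts also match the "user" filter; their names end in "$".
    If InStr(usr.sAMAccountName, "$") = 0 Then
        If MustChangeAtNextLogon(usr) Then
            empId = GetOptional(usr, "extensionAttribute2")
            If IsEmpty(empId) Then
                WScript.Echo usr.sAMAccountName & ": flag set, extensionAttribute2 empty"
            Else
                WScript.Echo usr.sAMAccountName & ": flag set, extensionAttribute2 populated"
                ' usr.SetPassword can be called here on this same LDAP object.
            End If
        End If
    End If
Next

' pwdLastSet is a 64-bit value that ADSI returns as an IADsLargeInteger.
' Both halves are zero when the account must change its password at next logon.
Function MustChangeAtNextLogon(objUser)
    Dim li
    MustChangeAtNextLogon = False
    On Error Resume Next
    Set li = objUser.Get("pwdLastSet")
    If Err.Number = 0 Then
        MustChangeAtNextLogon = (li.HighPart = 0 And li.LowPart = 0)
    End If
    On Error GoTo 0
End Function

' Get raises "property not in cache" for an attribute with no value; return Empty instead.
Function GetOptional(objUser, attrName)
    GetOptional = Empty
    On Error Resume Next
    GetOptional = objUser.Get(attrName)
    If Err.Number <> 0 Then GetOptional = Empty
    On Error GoTo 0
End Function
```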