Re: Password complexity..domain policy
From: Matjaz Ladava [MVP] (matjaz_at_ladava.com)
Date: 08/30/04
- In reply to: Hank Arnold: "Re: Password complexity..domain policy"
Date: Mon, 30 Aug 2004 14:01:31 +0200
The script that forces the user to change password on next login is
something like
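' Bind to a single user object
Set objUser = GetObject("LDAP://CN=user,OU=yourou,DC=domain,DC=com")
' pwdLastSet = 0 marks the password as expired, forcing a change at next logon
objUser.Put "pwdLastSet", 0
objUser.SetInfo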
Now you just need to wrap this with an LDAP query, so that the final result
is something like this
' Build an ADO query for every user under the starting OU
Set objDSE = GetObject("LDAP://rootDSE")
strBase = "<LDAP://OU=yourstartOU," & objDSE.Get("defaultNamingContext") & ">;"
strFilter = "(&(objectClass=user)(objectCategory=person));"
strAttrs = "ADsPath;"
strScope = "Subtree"
Set objConn = CreateObject("ADODB.Connection")
objConn.Open "Provider=ADsDSOObject"
Set objRS = objConn.Execute(strBase & strFilter & strAttrs & strScope)
While Not objRS.EOF
    ' Attach to the user object
    Set objUser = GetObject(objRS.Fields("ADsPath").Value)
    ' Expire the password so it must be changed at next logon
    objUser.Put "pwdLastSet", 0
    objUser.SetInfo
    Wscript.Echo "Done"
    objRS.MoveNext
Wend
Schedule this script as a task to run after a few days (under an account that has
permission to modify user objects) and notify users prior.
Hope this helps. You could also use ADModify (search google.com) to do this.
--
Regards

Matjaz Ladava
MVP Windows Server - Directory Services
matjaz@ladava.com, matjazl@mvps.org

"Hank Arnold" <rasilon@aol.com> wrote in message
news:2pgbcqFkmbs0U1@uni-berlin.de...
> Could you point us to a script that could do this? I will be in a
> situation soon where I need to do that....
>
> --
> Regards,
> Hank Arnold
>
> "Matjaz Ladava [MVP]" <matjaz@ladava.com> wrote in message
> news:OdUdUofjEHA.2140@TK2MSFTNGP15.phx.gbl...
>> When their change password schedule occur. But you can write a script
>> which would expire passwords of existing users and thus force them to
>> change password.
>>
>> --
>> Regards
>>
>> Matjaz Ladava
>> MVP Windows Server - Directory Services
>> matjaz@ladava.com, matjazl@mvps.org
>>
>> "darren" <Darren@somewhere.com> wrote in message
>> news:OZPDfLfjEHA.1712@TK2MSFTNGP09.phx.gbl...
>>> lets say I have enable password complexity, via a domain gp.. I have
>>> read that this policy will only apply to new users, is this correct and
>>> if so when would this policy apply to existing users??
>>>
>>> Thanks
>>> Darren
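Added example, not part of the original post: a dry-run triage in Python over an exported user list, showing which accounts the pwdLastSet = 0 script above would actually need to touch and which it would not affect. The export format (dicts of string attributes), the policy date and all account names are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# userAccountControl bits as documented for Active Directory.
UF_ACCOUNTDISABLE = 0x0002
UF_DONT_EXPIRE_PASSWD = 0x10000
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

def filetime_to_datetime(ft):
    """pwdLastSet counts 100-nanosecond intervals since 1601-01-01 UTC."""
    return FILETIME_EPOCH + timedelta(microseconds=ft // 10)

def datetime_to_filetime(dt):
    """Inverse conversion, used here only to build the sample data."""
    return ((dt - FILETIME_EPOCH) // timedelta(microseconds=1)) * 10

def classify(entry, policy_enabled_at):
    """Decide what setting pwdLastSet = 0 would mean for one account."""
    uac = int(entry["userAccountControl"])
    pwd_last_set = int(entry["pwdLastSet"])
    if uac & UF_ACCOUNTDISABLE:
        return "skip-disabled"
    if uac & UF_DONT_EXPIRE_PASSWD:
        # "Password never expires" overrides the forced change; handle by hand.
        return "review-never-expires"
    if pwd_last_set == 0:
        return "already-flagged"  # change at next logon is already pending
    if filetime_to_datetime(pwd_last_set) >= policy_enabled_at:
        return "compliant"  # password was set while complexity was enforced
    return "force-change"

def plan(entries, policy_enabled_at):
    """Group sAMAccountName values by the action each account needs."""
    groups = {}
    for entry in entries:
        action = classify(entry, policy_enabled_at)
        groups.setdefault(action, []).append(entry["sAMAccountName"])
    return groups

# Constructed sample data: the policy date and every account are hypothetical.
POLICY_ENABLED_AT = datetime(2004, 8, 27, tzinfo=timezone.utc)
_ft = lambda y, m, d: str(datetime_to_filetime(datetime(y, m, d, tzinfo=timezone.utc)))
SAMPLE_EXPORT = [
    {"sAMAccountName": "alice", "userAccountControl": "512", "pwdLastSet": _ft(2004, 3, 1)},
    {"sAMAccountName": "bob", "userAccountControl": "512", "pwdLastSet": _ft(2004, 8, 29)},
    {"sAMAccountName": "carol", "userAccountControl": "512", "pwdLastSet": "0"},
    {"sAMAccountName": "svc_backup", "userAccountControl": "66048", "pwdLastSet": _ft(2002, 1, 15)},
    {"sAMAccountName": "dave", "userAccountControl": "514", "pwdLastSet": _ft(2003, 6, 1)},
]

if __name__ == "__main__":
    for action, names in sorted(plan(SAMPLE_EXPORT, POLICY_ENABLED_AT).items()):
        print(f"{action}: {', '.join(names)}")
```

Only the accounts in the force-change group still carry a password set before the complexity policy took effect; restricting the forced change to them avoids resetting users who have already changed their password under the new policy.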