Re: Problem running a script



Thalador wrote:
I got a script to set the userAccountControl of all users in an OU to 512. This is the script I am using:

' UserAccountControl .vbs
' Sample VBScript to enable a user account
' Author Guy Thomas http://computerperformance.co.uk/
' Version 2.0 - May 2005
' --------------------------------------------------------------'
Option Explicit
Dim objOU, objUser, objRootDSE
Dim strContainer, strLastUser, strDNSDomain, intAccValue

' Bind to Active Directory Domain
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("DefaultNamingContext")

' Here is where we set the value to enable the account
' 512 = Enable, 514 = Disable.
intAccValue = 512

' -------------------------------------------------------------'
' Important change OU= to reflect your domain
' -------------------------------------------------------------'
strContainer = "OU=Users,"
strContainer = strContainer & strDNSDomain

Set objOU = GetObject("LDAP://" & strContainer)

For each objUser in objOU
If objUser.class="user" then
' The heart of this script - Enable users
objUser.Put "userAccountControl", intAccValue
objUser.SetInfo
End if
next

' End of Free Sample UserAccountControl VBScript


The problem is when I run it I get a script error "The server is unwilling to process the request." Code 80072035. After doing some research it is pointing to domain policy that is restricting this from running. I have 2000+ users that were imported that have the UF_PASSWD_NOTREQD flag set. I need to do a bulk modify to set all these users to 512.

My question is, how do I determine which part of domain policy is stopping this from running so that I can disable it. Or can this be done another way?

Thanks

If passwords are currently blank (and they probably are given the flag you said you set) then you have to turn off password complexity options in the domain policy before you can set your accounts to use 512 as their UAC value. If I recall correctly, that is what I did to fix this same problem a few years ago.
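
An added example, not part of the original thread and not the script author's code: a variant of the posted loop that clears only the PASSWD_NOTREQD bit (32) instead of overwriting the whole value with 512, so other flags such as a disabled state are preserved, and that reports each account the server rejects instead of aborting on the first error. The `DRY_RUN` constant and the counters are hypothetical names, and the OU is assumed to be the one used in the post.

```vbscript
' Added example: clear UF_PASSWD_NOTREQD per account and log failures.
Option Explicit
Const ADS_UF_PASSWD_NOTREQD = &H20   ' 32
Const DRY_RUN = True                 ' hypothetical switch: set to False to write changes

Dim objRootDSE, objOU, objUser, strContainer
Dim intUAC, intNew, intChanged, intFailed

Set objRootDSE = GetObject("LDAP://RootDSE")
' Assumption: same OU as the posted script; change it to match your domain.
strContainer = "OU=Users," & objRootDSE.Get("defaultNamingContext")
Set objOU = GetObject("LDAP://" & strContainer)

intChanged = 0
intFailed = 0
For Each objUser In objOU
    If objUser.Class = "user" Then
        intUAC = objUser.Get("userAccountControl")
        If (intUAC And ADS_UF_PASSWD_NOTREQD) <> 0 Then
            ' Mask out bit 32 only; every other flag keeps its current state.
            intNew = intUAC And Not ADS_UF_PASSWD_NOTREQD
            WScript.Echo objUser.Get("sAMAccountName") & ": " & intUAC & " -> " & intNew
            If Not DRY_RUN Then
                objUser.Put "userAccountControl", intNew
                On Error Resume Next
                objUser.SetInfo
                If Err.Number <> 0 Then
                    ' The server refused this account; record it and keep going.
                    WScript.Echo "  FAILED 0x" & Hex(Err.Number) & " " & Err.Description
                    intFailed = intFailed + 1
                    Err.Clear
                Else
                    intChanged = intChanged + 1
                End If
                On Error GoTo 0
            End If
        End If
    End If
Next
WScript.Echo "Changed: " & intChanged & "  Failed: " & intFailed
```

Run it with `cscript` so the output goes to the console; the accounts listed as FAILED are the ones to review against the domain password policy.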