Re: Problem running a script
- From: Brandon McCombs <none@xxxxxxxx>
- Date: Tue, 05 Aug 2008 23:35:17 -0400
Thalador wrote:
I thought of that but when I imported the users I assigned them all passwords
In case it helps, from http://blogs.msdn.com/alextch/default.aspx?p=2 :
The issue was around setting the userAccessControl attribute. Initially I was setting this attribute in the following sequence:
newUser.Properties["userAccountControl"].Value = 512; newUser.CommitChanges();
newUser.CommitChanges();
newUser.Invoke("SetPassword", new object[] { ConfigurationSettings.AppSettings.Get("defaultPwd") });
which worked fine in my lab environment where password complexity policy was disabled, but would produce the above mentioned error if password complexity policy is enabled.
Rearanging the sequence like so fixed the issue:
newUser.Invoke("SetPassword", new object[] { ConfigurationSettings.AppSettings.Get("defaultPwd") });
newUser.Properties["userAccountControl"].Value = 512; newUser.CommitChanges();
newUser.CommitChanges();
"Brandon McCombs" wrote:.
Thalador wrote:I got a script to set the userAccountControl of all users in an OU to 512. This is the script I am using:If passwords are currently blank (and they probably are given the flag you said you set) then you have to turn off password complexity options in the domain policy before you can set your accounts to use 512 as their UAC value. If I recall correctly, that is what I did to fix this same problem a few years ago.
' UserAccountControl .vbs
' Sample VBScript to enable a user account
' Author Guy Thomas http://computerperformance.co.uk/
' Version 2.0 - May 2005
' --------------------------------------------------------------'
Option Explicit
Dim objOU, objUser, objRootDSE
Dim strContainer, strLastUser, strDNSDomain, intAccValue
' Bind to Active Directory Domain
Set objRootDSE = GetObject("LDAP://RootDSE";)
strDNSDomain = objRootDSE.Get("DefaultNamingContext")
' Here is where we set the value to enable the account
' 512 = Enable, 514 = Disable.
intAccValue = 512
' -------------------------------------------------------------'
' Important change OU= to reflect your domain
' -------------------------------------------------------------'
strContainer = "OU=Users "
strContainer = strContainer & strDNSDomain
set objOU =GetObject("LDAP://"; & strContainer )
For each objUser in objOU
If objUser.class="user" then
' The heart of this script - Enable users
objUser.Put "userAccountControl", intAccValue
objUser.SetInfo
End if
next
' End of Free Sample UserAccountControl VBScript
The problem is when I run it I get a script error "The server is unwilling to process the request." Code 80072035. After doing some research it is pointing to domain policy that is restricting this from running. I have 2000+ users that were imported that have the UF_PASSWD_NOTREQD flag set. I need to do a bulk modify to set all these users to 512.
My question is, how do I determine which part of domain policy is stopping this from running so that I can disable it. Or can this be done another way?
Thanks
- References:
- Problem running a script
- From: Thalador
- Re: Problem running a script
- From: Brandon McCombs
- Re: Problem running a script
- From: Thalador
- Problem running a script
- Prev by Date: Re: Problem running a script
- Next by Date: Win32 Time Service not running on one of the Win2003 DC
- Previous by thread: Re: Problem running a script
- Next by thread: Explanation of one script
- Index(es):
Relevant Pages
|
