Re: change computer passwords in an OU
- From: Joe H <JoeH@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 21 Feb 2008 08:01:03 -0800
Richard,
Thank you very much. Worked like a charm
--
Joe H
"Richard Mueller [MVP]" wrote:
Joe H wrote:.
I have a network with over 150 computers. I am trying to run a script that
will reset the local Administrator passwords on all computers (I don't
have
time to travel accross the US and touch each of the 150 computers in my
network)
My domain is something similar to: test.test1.com
In AD, I have an OU for geographical zones. Then inside that I have
serveral
OU's for each of the companies in my corporate network. Then inisde the
OU's
I have a places for computers, users etc for each company. I found the
following script in this site that is supposed to work for computer
password
reset in OU's
------------------------------------------------------------------------------------------------
Set objOU = GetObject("LDAP://OU=Finance, DC=fabrikam, DC=com")
objOU.Filter = Array("Computer")
For Each objItem in objOU
strComputer = objItem.CN
Set objUser = GetObject("WinNT://" & strComputer & "/Administrator")
objUser.SetPassword("i5A2sj*!")
Next
------------------------------------------------------------------------------------------------
I have modified the script as follow:
------------------------------------------------------------------------------------------------
Set objOU = GetObject("LDAP://OU=Geozone/NA/Sites/Site1/Computers/test_OU,
DC=TEST DC=TEST1 DC=COM")
objOU.Filter = Array("Computer")
For Each objItem in objOU
strComputer = objItem.CN
Set objUser = GetObject("WinNT://" & strComputer & "/Administrator")
objUser.SetPassword("testPassword")
Next
------------------------------------------------------------------------------------------------
When I run this script I get the following error
------------------------------------------------------------------------------------------------
Script: C:\scripts\computerPasswordReset
Line: 1
Char:1
Error: 0x80005000
Code: 80005000
Source: (null)
------------------------------------------------------------------------------------------------
Password on the test computer never gets reset.
Can someone be kind to point me on the right direction and tell me what is
wrong with the modified script that I am trying to run please?
Thank you in advance for any help provided.
I assume your VBScript program file has extension *.vbs. If you get an error
at line 1, that indicates that the AdsPath (the Distinguished Name of the
OU) you specify is wrong (or the domain cannot be contacted). It might be
similar to (watch line wrapping):
Set objOU =
GetObject("LDAP://ou=Geozone,ou=NA,ou=Sites,ou=Site1,ou=Computers,ou=Test_OU,dc=Test,dc=Test1,dc=com";)
Although that hierarchy looks unlikely. My example above means that the OU
"ou=Geozone" is a child (resides in) the ou "ou=NA", which in turn is a
child of the ou "ou=Site1", which is a child of "ou=Computers", which is a
child of "ou=Test_OU", which is in the root of the domain "Test.Test1.com".
You need to determine the correct AdsPath (Distinguished Name) of the OU in
question. The components should be separated by commas rather than slashes,
each component must be preceeded by a moniker like "ou=", "cn=", or "dc=",
and the components should be listed from left to right in order of
increasingly higher level components. The left most component is lowest
level, meaning it is a child of (is contained in) the next component. The
highest level component is "dc=com".
The syntax of my example is called "little-endian". There is an alternatve
(but very seldom used) alternative syntax called "big-endian" form in which
the components are listed in reverse order (from higher level components to
lower level) and the components are separated by slashes instead of commas.
My example above is in "little-endian" form, but the same example in
"big-endian" form would be:
Set objOU =
GetObject("LDAP://dc=com/dc=Test1/dc=Test/ou=Test_OU/ou=Computers/ou=Site1/ou=Sites/ou=NA/ou=Geozone";)
You snippet seems to combine the two forms, which is not valid. I cannot
tell from your example what your hierachy is (which OU's are inside which).
Finally, in most cases the value of the cn attribute of a computer object
(bound with the LDAP) provider will be the same as the NetBIOS name of the
computer. However, this does not have to be the case. They can be different.
The value of the sAMAccountName attribute is the NetBIOS name of the
computer with a trailing "$" appended. It may not matter in your case, but a
more correct version of your code would be similar to:
===============
Option Explicit
Dim objOU, objComputer, strComputer, objUser
' Bind to the OU with the LDAP provider.
Set objOU = GetObject("LDAP://ou=Sales,ou=West,dc=MyDomain,dc=com";)
' Filter on computer objects in the OU.
objOU.Filter = Array("computer")
' Enumerate all computers in the OU.
For Each objComputer In objOU
' Retrieve NetBIOS name of computer.
' This is required to bind with the WinNT provider.
strComputer = objComputer.sAMAccountName
' Strip off trailing "$".
strComputer = Left(strComputer, Len(strComputer) - 1)
' Bind to the local Administrator user on the computer with the WinNT
provider.
Set objUser = GetObject("WinNT://" & strComputer &
"/Administrator,user")
' Set the password.
objUser.SetPassword("xzy312qw")
Next
=========
I used "Option Explicit" and declared all of the variables in a Dim
statement to make troubleshooting easier.
--
Richard Mueller
Microsoft MVP Scripting and ADSI
Hilltop Lab - http://www.rlmueller.net
--
- References:
- change computer passwords in an OU
- From: Joe H
- Re: change computer passwords in an OU
- From: Richard Mueller [MVP]
- change computer passwords in an OU
- Prev by Date: Re: Remote Execution of VBS script
- Next by Date: Re: Writing to a text file
- Previous by thread: Re: change computer passwords in an OU
- Next by thread: Re: ASP vs ASP.net
- Index(es):
Relevant Pages
|
