Hello all,

I am trying to write a script that will reset all user account
passwords under a specific OU. This part I have accomplished. I
would like the script to reset ALL user accounts though, including
child containers. My script only resets the passwords in the first OU
and will not go into the underlying containers. Any help would be
greatly appreciated. Please see my existing code below. Thanks in
advance!!!!

' VBScript to change a user's password
' ---------------------------------------------------------'
Option Explicit
Dim objOU, objUser, objRootDSE
Dim objConnection, objCommand
Dim strContainer, strDNSDomain, strPassword
Dim intCounter, intAccValue, intPwdValue
Const ADS_SCOPE_SUBTREE = 2

' --------------------------------------------------------'
' Note: Change OU=nowhere, to reflect your domain
' --------------------------------------------------------'
strContainer = "OU=Remote Users, "
strPassword = "P@$$w0rd"
intAccValue = 544
intPwdValue = 0
intCounter = 0
' -------------------------------------------------------'
' Makes the user change P@$$w0rd password at first logon
' -------------------------------------------------------'

Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"

Set objCommand.ActiveConnection = objConnection
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE


Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("DefaultNamingContext")
strContainer = strContainer & strDNSDomain
set objOU =GetObject("LDAP://" & strContainer )
objOU.Filter = Array("user")

For each objUser in objOU
If objUser.class="user" then
objUser.SetPassword strPassword
objUser.SetInfo
objUser.Put "pwdLastSet", intPwdValue
objUser.SetInfo

objUser.Put "userAccountControl", intAccValue
objUser.SetInfo
intCounter = intCounter +1
End if
next

WScript.Echo strPassword & " is Password. UserAccountValue = " _
& intAccValue & vbCr & intCounter & " accounts changed"
WScript.Quit

Re: active directory script to reset passwords by Richard

Richard
Wed Jul 25 20:23:03 CDT 2007

You can filter the objOU object on objects of class organizationalUnit and
container and enumerate the child containers. You can use a recursive method
to handle any depth of hierarchy. For example:
==============
Option Explicit
Dim strContainer, objRootDSE, strDNSDomain, objOU
Dim intCounter

' Specify parent OU.
strContainer = "OU=Remote Users,"

Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("DefaultNamingContext")
strContainer = strContainer & strDNSDomain
Set objOU = GetObject("LDAP://" & strContainer)

intCounter = 0
Call SetPass(objOU, intCounter)

Wscript.Echo "Password changed for " & CStr(intCounter) & " accounts"

Sub SetPass(ByVal objContainer, ByRef intCounter)
' Recursive Sub to reset passwords for all users in a container
' and all child containers/OUs.

Dim strPassword, intAccValue, intPwdValue
Dim objUser, objChild

strPassword = "P@$$w0rd"
intAccValue = 544
intPwdValue = 0

' Enumerate users.
objContainer.Filter = Array("user")
For Each objUser In objContainer
' Can include user and computer objects.
If (objUser.Class = "user") Then
objUser.SetPassword strPassword
objUser.Put "pwdLastSet", intPwdValue
objUser.Put "userAccountControl", intAccValue
objUser.SetInfo
intCounter = intCounter + 1
End If
Next

' Enumerate child containers and OUs (but not builtin containers).
objContainer.Filter = Array("organizationalUnit", "container")
For Each objChild In objContainer
' Recursively call Sub for each child container/OU.
Call SetPass(objChild, intCounter)
Next

End Sub
==========
Note that the ADO objects are not needed. Also, what you are doing is not
recommended, as it gives everyone the same password. Finally, you are giving
all users the value 544 for userAccountControl, which means a normal user
and password is not required. Best practice is not to assign a value to
userAccountControl, but rather to set the appropriate bits for what you want
to accomplish. This leaves all other bits of userAccountControl unchanged.
For example, if you really want to set the flag for "password not required",
the code for the Sub should be:
==========
Sub SetPass(ByVal objContainer, ByRef intCounter)
' Recursive Sub to reset passwords for all users in a container
' and all child containers/OUs.

Dim strPassword, intPwdValue
Dim lngFlag
Dim objUser, objChild
Const ADS_UF_PASSWD_NOTREQD = &H20

strPassword = "P@$$w0rd"
intPwdValue = 0

' Enumerate users.
objContainer.Filter = Array("user")
For Each objUser In objContainer
If (objUser.Class = "user") Then
objUser.SetPassword strPassword
objUser.Put "pwdLastSet", intPwdValue
' Retrieve current flag value.
lngFlag = objUser.Get("userAccountControl")
' Set bit for password not required.
lngFlag = lngFlag Or ADS_UF_PASSWD_NOTREQD
' Assign new flag value.
objUser.Put "userAccountControl", lngFlag
objUser.SetInfo
intCounter = intCounter + 1
End If
Next

' Enumerate child containers and OUs.
objContainer.Filter = Array("organizationalUnit", "container")
For Each objChild In objContainer
' Recursively call Sub for each child container/OU.
Call SetPass(objChild, intCounter)
Next

End Sub
===========
A minor point. Only one SetInfo is needed.

--
Richard Mueller
Microsoft MVP Scripting and ADSI
Hilltop Lab - http://www.rlmueller.net
--
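
Added example, not part of Richard's post: a stand-alone VBScript that decodes userAccountControl values and compares overwriting with 544 against the bitwise update described above, plus the inverse operation that clears "password not required". The function names DescribeUac, SetNotReqd and ClearNotReqd and the sample values are constructed for illustration; no directory is contacted.

```vbscript
Option Explicit
' Added example. The sample values are constructed; no directory is contacted.
Const ADS_UF_ACCOUNTDISABLE     = &H2
Const ADS_UF_PASSWD_NOTREQD     = &H20
Const ADS_UF_NORMAL_ACCOUNT     = &H200
Const ADS_UF_DONT_EXPIRE_PASSWD = &H10000

Function DescribeUac(ByVal lngFlag)
    ' Names of the four flags above that are set in lngFlag.
    Dim strOut
    strOut = ""
    If (lngFlag And ADS_UF_ACCOUNTDISABLE) <> 0 Then strOut = strOut & "ACCOUNTDISABLE "
    If (lngFlag And ADS_UF_PASSWD_NOTREQD) <> 0 Then strOut = strOut & "PASSWD_NOTREQD "
    If (lngFlag And ADS_UF_NORMAL_ACCOUNT) <> 0 Then strOut = strOut & "NORMAL_ACCOUNT "
    If (lngFlag And ADS_UF_DONT_EXPIRE_PASSWD) <> 0 Then strOut = strOut & "DONT_EXPIRE_PASSWD "
    DescribeUac = Trim(strOut)
End Function

Function SetNotReqd(ByVal lngFlag)
    ' Bitwise update from the reply: only bit &H20 changes.
    SetNotReqd = lngFlag Or ADS_UF_PASSWD_NOTREQD
End Function

Function ClearNotReqd(ByVal lngFlag)
    ' Inverse operation: require a password again, leave other bits alone.
    ClearNotReqd = lngFlag And (Not ADS_UF_PASSWD_NOTREQD)
End Function

Dim arrSamples, lngCurrent
' Constructed userAccountControl values an OU might hold before the reset:
' normal, disabled, normal with non-expiring password, disabled with no password required.
arrSamples = Array(512, 514, 66048, 546)
For Each lngCurrent In arrSamples
    WScript.Echo "current " & lngCurrent & ": " & DescribeUac(lngCurrent)
    ' Overwriting discards whatever was set before, including ACCOUNTDISABLE.
    WScript.Echo "  Put 544 -> " & DescribeUac(544)
    WScript.Echo "  Or &H20 -> " & SetNotReqd(lngCurrent) & ": " & DescribeUac(SetNotReqd(lngCurrent))
    WScript.Echo "  And Not -> " & ClearNotReqd(lngCurrent) & ": " & DescribeUac(ClearNotReqd(lngCurrent))
Next
```

Run it with cscript.exe; the lines for 514 and 546 show that writing 544 drops the ACCOUNTDISABLE bit, which the bitwise forms keep.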



Re: active directory script to reset passwords by tiv

tiv
Thu Jul 26 10:37:48 CDT 2007

Thank you soooo much!!!! The first code is EXACTLY what I needed. I
did comment out the flags for the UserAccountControl and pwdlastset so
that it doesn't set the password as expired. I needed this to reset
passwords for accounts after a division of the company is sold, so it
is alright if they are all the same. Thanks again!!!!!!!!