
force user to change password on next logon

 
 
Hitesh Hansalia
12-09-2009
We have a single-domain Windows Server 2003 AD environment. I need to force users to change their password on next logon in a single OU. I have a script that works with an OU at the top of the hierarchy but not with nested OUs. See the script below:

' PwdLastSet .vbs
' VBScript to force a user to change password at next logon
' --------------------------------------------------------------'

Option Explicit
Dim objOU, objUser, objRootDSE
Dim strContainer, strDNSDomain
Dim intCounter, intPwdValue

' Bind to Active Directory Domain
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("DefaultNamingContext")

' -------------------------------------------------------------'
' Important change OU= to reflect your domain
' -------------------------------------------------------------'

strContainer = "OU=XXXX Rica,OU=XXXX, "
strContainer = strContainer & strDNSDomain

intCounter = 0

' Here we force a change of password at next logon
intPwdValue = 0

' Loop through OU=, resetting all user accounts
Set objOU = GetObject("LDAP://" & strContainer)
For Each objUser In objOU
    If objUser.Class = "user" Then
        objUser.Put "PwdLastSet", intPwdValue
        objUser.SetInfo
        ' Count only the accounts that were actually changed
        intCounter = intCounter + 1
    End If
Next

' Optional section to record how many accounts have been set
WScript.Echo "PwdLastSet = " & intPwdValue _
& vbCr & "Accounts changed = " & intCounter
WScript.Quit

' End of Sample PwdLastSet VBScript




 
 
 
 
Richard Mueller [MVP]
12-09-2009

"Hitesh Hansalia" wrote in message
news:...
> We have a single-domain Windows Server 2003 AD environment. I need to force
> users to change their password on next logon in a single OU. I have a script
> that works with an OU at the top of the hierarchy but not with nested
> OUs. See the script below:
>
> ' PwdLastSet .vbs
> ' VBScript to force a user to change password at next logon
> ' --------------------------------------------------------------'
>
> Option Explicit
> Dim objOU, objUser, objRootDSE
> Dim strContainer, strDNSDomain
> Dim intCounter, intPwdValue
>
> ' Bind to Active Directory Domain
> Set objRootDSE = GetObject("LDAP://RootDSE")
> strDNSDomain = objRootDSE.Get("DefaultNamingContext")
>
> ' -------------------------------------------------------------'
> ' Important change OU= to reflect your domain
> ' -------------------------------------------------------------'
>
> strContainer = "OU=XXXX Rica,OU=XXXX, "
> strContainer = strContainer & strDNSDomain
>
> intCounter = 0
>
> ' Here we force a change of password at next logon
> intPwdValue = 0
>
> ' Loop through OU=, resetting all user accounts
> Set objOU = GetObject("LDAP://" & strContainer)
> For Each objUser In objOU
>     If objUser.Class = "user" Then
>         objUser.Put "PwdLastSet", intPwdValue
>         objUser.SetInfo
>         ' Count only the accounts that were actually changed
>         intCounter = intCounter + 1
>     End If
> Next
>
> ' Optional section to record how many accounts have been set
> WScript.Echo "PwdLastSet = " & intPwdValue _
> & vbCr & "Accounts changed = " & intCounter
> WScript.Quit
>
> ' End of Sample PwdLastSet VBScript
>


You can use a recursive subroutine to handle nested OU's. For example (not
tested):
============
Option Explicit
Dim strOU, objOU, intCounter

' Specify the parent (top level) OU.
strOU = "ou=West,dc=MyDomain,dc=com"

' Bind to the parent OU.
Set objOU = GetObject("LDAP://" & strOU)

' Variable intCounter has global scope.
intCounter = 0
Call EnumOU(objOU)

Wscript.Echo "Accounts changed: " & CStr(intCounter)

Sub EnumOU(ByVal objParent)
    ' Recursive subroutine to process all users in an OU
    ' and all sub OU's.

    Dim objUser, objChild

    ' Enumerate all users in the OU.
    objParent.Filter = Array("user")
    For Each objUser In objParent
        ' Skip computer objects.
        If (objUser.Class = "user") Then
            objUser.Put "pwdLastSet", 0
            objUser.SetInfo
            intCounter = intCounter + 1
        End If
    Next

    ' Enumerate all child OU's.
    objParent.Filter = Array("organizationalUnit")
    For Each objChild In objParent
        Call EnumOU(objChild)
    Next
End Sub

--
Richard Mueller
MVP Directory Services
Hilltop Lab - http://www.rlmueller.net
--
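
An alternative to the recursive walk in the reply above, as an added example that is not part of the original thread: a single ADO subtree search under the same example OU returns the users in all nested OUs. The DRY_RUN switch and the separate reporting of accounts flagged "password never expires" are assumptions added for illustration.

```vbscript
Option Explicit

Const ADS_UF_DONT_EXPIRE_PASSWD = &H10000
Const DRY_RUN = True    ' assumption: set to False to actually write pwdLastSet

Dim strOU, objConn, objCmd, objRS, objUser, strDN
Dim intChanged, intReview

' Example OU, same placeholder as in the reply above.
strOU = "ou=West,dc=MyDomain,dc=com"

Set objConn = CreateObject("ADODB.Connection")
objConn.Provider = "ADsDSOObject"
objConn.Open "Active Directory Provider"

Set objCmd = CreateObject("ADODB.Command")
Set objCmd.ActiveConnection = objConn
objCmd.Properties("Page Size") = 500       ' page results so large OUs are not truncated
objCmd.Properties("Cache Results") = False

' objectCategory=person excludes computer accounts; "subtree" covers nested OUs.
objCmd.CommandText = "<LDAP://" & strOU & ">;" & _
    "(&(objectCategory=person)(objectClass=user));" & _
    "distinguishedName,userAccountControl;subtree"

Set objRS = objCmd.Execute
intChanged = 0
intReview = 0

Do Until objRS.EOF
    strDN = objRS.Fields("distinguishedName").Value
    If (objRS.Fields("userAccountControl").Value And ADS_UF_DONT_EXPIRE_PASSWD) <> 0 Then
        ' "Password never expires" conflicts with a forced change: report, do not touch.
        WScript.Echo "Review (password never expires): " & strDN
        intReview = intReview + 1
    Else
        If Not DRY_RUN Then
            ' Escape "/" so the DN is a valid ADsPath.
            Set objUser = GetObject("LDAP://" & Replace(strDN, "/", "\/"))
            objUser.Put "pwdLastSet", 0
            objUser.SetInfo
        End If
        intChanged = intChanged + 1
    End If
    objRS.MoveNext
Loop

objRS.Close
objConn.Close
WScript.Echo "Accounts selected: " & intChanged & ", left for review: " & intReview
```

Run it with cscript.exe so each reported account is written to the console instead of a message box.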


 
 
Hitesh Hansalia
12-09-2009
Thanks Richard, I got the logic of the recursive call and it is working after defining a few unspecified dims.


