Change other users passwords in Active Directory from remote nt4,2000,XP workstations

Discussion in 'Active Directory' started by Johnny, Aug 22, 2004.

  1. Johnny

    Johnny Guest

    Hi,

    Currently I'm helping to config a network changing from Win 2K server to
    Win 2k3 server.

    The network has workstations with NT4, 2000 Pro and XP Pro installed.

    What is the best way to allow a user that has been delegated "password
    change" rights of an OU to change users' passwords in that Active Directory
    OU while on a remote workstation?

    Is there any way to change the passwords/access Active Directory without
    installing any extra programs like ADSI, just pure VBScript or something
    else?

    It would also be useful if the script also set the bit in Active Directory
    that forced users to change their password at next logon, after the
    management users had set the password.


    I've tried this vbscript and other variations of it, but it doesn't seem to
    work or connect to

    DIM strPWD, strLDAP, strUSER

    strLDAP = "ou=people,dc=test,dc=here,dc=com"
    strUSER = inputbox("Enter the username:")
    strPWD = inputbox("Enter the new password:")

    Set objUser = GetObject("LDAP://cn=" & strUSER,strLDAP )
    objUser.SetPassword strPWD
    WScript.ECHO "Password Changed"


    Can anyone help?

    Any help would be greatly appreciated
     
    Johnny, Aug 22, 2004
    #1

  2. Johnny

    Al Mulnick Guest

    You should likely change this line: Set objUser = GetObject("LDAP://cn=" &
    strUSER,strLDAP )
    What you've written equates to "Set objUser =
    GetObject(LDAP://cn=struserou=ou=people,dc=test,dc=here,dc=com)" when it
    should come out as "Set objUser =
    GetObject(LDAP://cn=strUser,ou=people,dc=test,dc=here,dc=com)". Note the
    extra comma you don't have. To concatenate the line, the code would look
    like this:

    DIM strPWD, strLDAP, strUSER

    strLDAP = "ou=people,dc=test,dc=here,dc=com"
    strUSER = inputbox("Enter the username:")
    strPWD = inputbox("Enter the new password:")

    strUSER = strUSER & ","

    Set objUser = GetObject("LDAP://cn=" & strUSER,strLDAP )
    objUser.SetPassword strPWD
    WScript.ECHO "Password Changed"

    If that doesn't do what you want, then post the error back so we can get a
    better idea of the problem. It's possible that some of the client versions
    won't like that code.

    Also:
    Force change of password:
    http://www.microsoft.com/technet/community/scriptcenter/user/scrug30.mspx
    example.

    Al
     
    Al Mulnick, Aug 22, 2004
    #2

  3. Johnny

    Al Mulnick Guest

    I've just realized I've also been cross-posting. Sorry, last one.

    Correction. The code should look like:

    DIM strPWD, strLDAP, strUSER

    strLDAP = "OU=TestOU,DC=VMDomain,DC=com"
    strUSER = inputbox("Enter the username:")
    strPWD = inputbox("Enter the new password:")


    Set objUser = GetObject("LDAP://cn=" & strUSER & "," & strLDAP)
    objUser.SetPassword strPWD
    WScript.ECHO "Password Changed"

    -Al
     
    Al Mulnick, Aug 22, 2004
    #3
  4. Johnny

    Johnny Guest

    Thanks for the reply, didn't expect one so soon (or any response, going on
    previous experience with newsgroups).

    I wasn't sure which group to post the problem in and thought it may be of
    interest/related to all the groups I posted it to.

    If I should stick to one group, which one?

    I tried what you posted and modified it to the following:


    DIM strPWD, strLDAP, strUSER

    strLDAP = "OU=TestOU,DC=VMDomain,DC=com"
    strUSER = inputbox("Enter the username:")
    strPWD = inputbox("Enter the new password:")

    Set objUser = GetObject("LDAP://cn=" & strUSER & "," & strLDAP)
    objUser.SetPassword strPWD
    objUser.Put "pwdLastSet", 0
    objUser.SetInfo

    WScript.ECHO "Password Changed, you will be required to change your password at next logon"


    This works fine as an Admin on an XP workstation, but I keep getting
    "Access denied" errors when run as a member of the delegated user group.
    The delegation of the OU to a group doesn't seem to affect the actual
    permissions on user objects in that OU; the users don't seem to have "allow
    inheritable permissions from parent to propagate to this object".

    So what permissions should be set for the delegated users in Active
    Directory to get this script to work on the users in that OU?

    Thanks again.
     
    Johnny, Aug 25, 2004
    #4
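
Added example, not part of any poster's message: a variant of the thread's script that escapes the typed username before it is concatenated into the DN and reports which step failed, since SetPassword needs the Reset Password right while the pwdLastSet update needs write access to that attribute. The OU is the thread's test value; `EscapeCn` and `Fail` are hypothetical helper names.

```vbscript
Option Explicit
' Assumption: the thread's test OU; replace with your own.
Const BASE_DN = "OU=TestOU,DC=VMDomain,DC=com"

' Hypothetical helper: escape DN special characters (RFC 4514) and "/",
' the ADSI path separator, so typed input stays inside the CN value.
Function EscapeCn(ByVal s)
    Dim i, ch, out
    out = ""
    For i = 1 To Len(s)
        ch = Mid(s, i, 1)
        If InStr(",+""\<>;=/", ch) > 0 Then out = out & "\"
        out = out & ch
    Next
    If Left(out, 1) = "#" Then out = "\" & out
    EscapeCn = out
End Function

' Hypothetical helper: report the failing step and stop.
Sub Fail(stepName, num, desc)
    WScript.Echo stepName & " failed: 0x" & Hex(num) & " " & desc
    WScript.Quit 1
End Sub

Dim strUser, strPwd, objUser
strUser = Trim(InputBox("Enter the username:"))
If strUser = "" Then WScript.Quit 1
strPwd = InputBox("Enter the new password:")

On Error Resume Next
Set objUser = GetObject("LDAP://CN=" & EscapeCn(strUser) & "," & BASE_DN)
If Err.Number <> 0 Then Fail "Bind to user", Err.Number, Err.Description

objUser.SetPassword strPwd      ' needs the Reset Password right
If Err.Number <> 0 Then Fail "SetPassword", Err.Number, Err.Description

objUser.Put "pwdLastSet", 0     ' needs write access to pwdLastSet
objUser.SetInfo
If Err.Number <> 0 Then Fail "Write pwdLastSet", Err.Number, Err.Description
On Error GoTo 0

WScript.Echo "Password reset; user must change it at next logon."
```

A failure at "SetPassword" versus "Write pwdLastSet" tells you which of the two delegated permissions is missing on the user objects.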