Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations derfloh on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Update a value in AD

Status
Not open for further replies.
bnymk

bnymk

Programmer
Joined
Feb 7, 2003
Messages
296
Location
US
Hello all:

Does anyone know how to update the password of all users in an active directory. The password of the majority of the accounts that were created in the Active Directory have now expired and instead of going thru each one of them and manually resetting their passwords, would like to use a script that can do that. Any help would be greatly appreciated.

Thanks

"Behind every great fortune there lies a great crime", Honore De Balzac
 
Sort by date Sort by votes
Anyone??

"Behind every great fortune there lies a great crime", Honore De Balzac
 
Upvote 0 Downvote
Ok, I came up with this with a help of a Microsoft website. This script does exactly what I want but only for one record "testFirst testLast". Can someone help me out on how to do it for multiple users in one OU?

Const ADS_UF_DONT_EXPIRE_PASSWD = &h10000

Set objUser = GetObject ("LDAP://CN=testFirst testLast,OU=Test,OU=Allusers,DC=company,DC=com")
intUAC = objUser.Get("userAccountControl")

If ADS_UF_DONT_EXPIRE_PASSWD AND intUAC Then
Wscript.Echo "Already enabled"
Else
objUser.Put "userAccountControl", intUAC XOR ADS_UF_DONT_EXPIRE_PASSWD
objUser.SetInfo
WScript.Echo "Password never expires is now enabled"
End If

"Behind every great fortune there lies a great crime", Honore De Balzac
 
Upvote 0 Downvote
With that .sig ?!?!??!

Change all passwords in the AD?

um.
 
Upvote 0 Downvote
Sheco I don't know what you are trying to say in your last post.

Anyway, I figured it out myself and here is the script for anyone who might be interested. The code loops thru all accounts and checks "Password never expires" check box for each user in the OU that you specified.

Const ADS_UF_DONT_EXPIRE_PASSWD = &h10000

Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection

objCommand.CommandText = "SELECT distinguishedName FROM 'LDAP://OU=Test,OU=Allusers,DC=company,DC=com' WHERE objectCategory='user'"
Set objRecordSet = objCommand.Execute

objRecordSet.MoveFirst
Do Until objRecordSet.EOF
strDN = objRecordSet.Fields("distinguishedName").Value
objRecordSet.MoveNext
Set objUser = GetObject ("LDAP://" & strDN)
intUAC = objUser.Get("userAccountControl")

If ADS_UF_DONT_EXPIRE_PASSWD AND intUAC Then
Wscript.Echo "Already enabled"
Else
objUser.Put "userAccountControl", intUAC XOR ADS_UF_DONT_EXPIRE_PASSWD
objUser.SetInfo
WScript.Echo "Password never expires is now enabled"
End If

Loop



"Behind every great fortune there lies a great crime", Honore De Balzac
 
Upvote 0 Downvote
I think Sheco was alluding to the notion that setting all password to never expire is a crime (the signature) waiting to happen.

JB
 
Upvote 0 Downvote
Ok, guys I might have spoken too soon. The script that I have works only if the number of users in the specified OU is less than 50. When I try to use the script on an OU that has thousands of users then it only updates half of the record. Can someone please look at my script and tell me what I am missing?

'Enumeration When set, the password will not expire on this account
Const ADS_UF_DONT_EXPIRE_PASSWD = &h10000

'Declare variables that will be used to write out status
Dim OutPutFile
Dim FileSystem

'Initialize the variables
Set FileSystem = WScript.CreateObject("Scripting.FileSystemObject")
Set OutPutFile = FileSystem.CreateTextFile("PasswordStatus-output.txt", True)

'create a connection to AD using AD ADO (Active X Data Objects) provider
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection


'A query to get users full name from the specified OU
objCommand.CommandText = "SELECT distinguishedName FROM 'LDAP://OU=CompanyUsers,OU=Allusers,DC=company,DC=com' WHERE objectCategory='user'"
Set objRecordSet = objCommand.Execute
objRecordSet.MoveFirst

Do Until objRecordSet.EOF
strDN = objRecordSet.Fields("distinguishedName").Value
objRecordSet.MoveNext
Set objUser = GetObject ("LDAP://" & strDN)
intUAC = objUser.Get("userAccountControl")

If ADS_UF_DONT_EXPIRE_PASSWD AND intUAC Then
OutPutFile.WriteLine objUser.Name & ": already enabled"
Else
objUser.Put "userAccountControl", intUAC XOR ADS_UF_DONT_EXPIRE_PASSWD
objUser.SetInfo
OutPutFile.WriteLine objUser.Name & ": Password never expires is now enabled"
End If
OutPutFile.WriteLine
Loop
Wscript.Echo "Done"

"Behind every great fortune there lies a great crime", Honore De Balzac
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

bdwilcox
  • Locked
  • Question Question
Trying to adapt VBScript to search if machine is in an AD group
Replies
8
Views
2K
SoftwareRT
SoftwareRT
bdwilcox
  • Locked
  • Question Question
Script seeing input variable value as blank but sees hard-coded value
Replies
6
Views
1K
bdwilcox
bdwilcox
S
  • Locked
  • Question Question
Need to submit page when clicking a checkbox
Replies
0
Views
637
shbr5413
S
Z3braa
  • Locked
  • Question Question
Remove specific computer name in Logon Workstation from from all users in AD, with VBScript
Replies
0
Views
489
Z3braa
Z3braa
lunter
  • Locked
  • Question Question
How to create vbArray+vbByte (8209) in *.vbs stript
Replies
0
Views
627
lunter
lunter

Part and Inventory Search

Sponsor

Back
Top