Keywords: Reset Password in Active Directory
I want to reset passwords in Active Directory for only users that have never logged on (or who have 'user must change password at next logon' checked).
The problem is we migrated everyone over from NT4 and 98% of the users' passwords are equal to their username unless they've logged on already. We're about to get audited and we're going to fail if we don't fix their passwords. I'd like to use like first initial last initial (caps) 1234 or something since we have complex passwords enabled. Any ideas?
; The wnt* functions come from the Win32 Network extender, which must already be loaded with AddExtender.
; server, org_person, domain and msghdr are assumed to be set earlier in the script.
pwageinseconds=wntUserGetDat("\\%server%","%org_person%","password_age",0)
pwmade=TimeSubtract(TimeYmdHms(),"0000:00:00:00:00:%pwageinseconds%")
;Message("Password Established",pwmade)

;Do passwords ever expire for this account
UF_DONT_EXPIRE_PASSWD=65536
theflags=wntUserGetDat("\\%server%","%org_person%","flags",0)
If (theflags & UF_DONT_EXPIRE_PASSWD) !=0
   Message("%org_person%","Passwords do not expire for this account")
   exit
EndIf

maxpasswordageindays=wntAcctPolGet("\\%server%",2)
;Message("MaxP",maxpasswordageindays)
If maxpasswordageindays == -1
   Message("\\%server%","Passwords do not expire on this server")
   exit ; pswdexpires is never set in this case, so there is nothing to check
Else
   pswdexpires=TimeAdd(pwmade,"0000:00:%maxpasswordageindays%:00:00:00")
   ;Message("%org_person%",StrCat("Password expires on",@CRLF,pswdexpires))
EndIf

:Pswd_check
current=TimeYmdHms( )
DaysLeft=TimeDiffDays(pswdexpires, current)
if DaysLeft < 0 then DaysLeft = DaysLeft * -1
if DaysLeft < 14
   q = AskYesNo(msghdr, "Your Password will expire in %DaysLeft% days...%@crlf%Please change it now.")
Else
   exit
Endif
If q == @NO
   Message(msghdr,"If the password expires before it is changed logon may not be possible")
   exit
Endif

:Password_chg
old=AskPassword(msghdr,"Enter old password")
while @TRUE
   new1=AskPassword(msghdr,"Enter new password")
   new2=AskPassword(msghdr,"Enter new password again")
   if new1==new2 then break
   Message(msghdr,"The new passwords you entered do not match")
endwhile
rslt=wntChgPswd("%domain%", "%org_person%", old, new1)
if rslt
   Message(msghdr,"Successfully changed")
else
   Message(msghdr,"Error - Password could not be changed%@crlf%Please contact your Administrator.")
endif
BoxDestroy(1) ; closes a box opened earlier in the script (not shown)
Another approach is to use the ADSI extender. Here is a crude script that may get you started.
; Add the extender
AddExtender("wwads32i.dll")

; Note: Account running script must have Change Password privileges
suserPath ="LDAP://birch/CN=Homer Simpson,CN=Users,DC=mysub,DC=mydomain,DC=com"

; Check if password has expired.
PwTime = dsGetProperty(suserPath, "pwdLastSet")

; If password must be changed next login, will be 0
if PwTime == 0
   ; Create a password somehow.
   ; then set it.
   dsSetPassword(suserPath, "", "HS12345")
   message("Password changed", suserPath)
endif

One way to get a list of users on a domain is to use the dsFindPath function with a search filter something like "(&(objectCategory=person)(cn=*))"
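
The bulk form of the ADSI approach above, as an added example that is not part of the original article or of WinBatch's own samples: it selects accounts whose pwdLastSet is 0 and gives each one a different random temporary password, since a pattern such as initials plus 1234 is as guessable as password = username. The search base, the log file path, the helper names PickChar and MakePassword, and the assumption that dsFindPath(path, filter) returns a tab-delimited list of ADSI paths are not from the article.

```winbatch
; Added example (not from the original article). ASSUMED marks values that are not on the page.
AddExtender("wwads32i.dll")

#DefineFunction PickChar(chars)
   ; Random(n) returns 0..n and StrSub positions are 1-based
   Return StrSub(chars, Random(StrLen(chars) - 1) + 1, 1)
#EndFunction

#DefineFunction MakePassword(len)
   ; Random() is a general-purpose generator: use the result only as a temporary password
   upper  = "ABCDEFGHJKLMNPQRSTUVWXYZ"   ; look-alike characters (I, O, l, 0, 1) left out
   lower  = "abcdefghijkmnopqrstuvwxyz"
   digits = "23456789"
   ; one character from each class first, so the complexity policy is always met
   pw = StrCat(PickChar(upper), PickChar(lower), PickChar(digits))
   pool = StrCat(upper, lower, digits)
   While StrLen(pw) < len
      pw = StrCat(pw, PickChar(pool))
   EndWhile
   Return pw
#EndFunction

; ASSUMED: search base built from the article's sample path, hypothetical log location
basePath = "LDAP://birch/DC=mysub,DC=mydomain,DC=com"
filter   = "(&(objectCategory=person)(objectClass=user)(pwdLastSet=0))"
logFile  = "C:\secure\pwreset.txt"   ; keep on an admin-only volume, delete after distribution

users = dsFindPath(basePath, filter)   ; ASSUMED: tab-delimited list of matching paths
h = FileOpen(logFile, "WRITE")
For i = 1 To ItemCount(users, @TAB)
   userPath = ItemExtract(i, users, @TAB)
   newpw = MakePassword(14)
   ErrorMode(@OFF)       ; one failed account must not stop the run
   LastError()           ; clear any earlier error
   dsSetPassword(userPath, "", newpw)
   err = LastError()
   ErrorMode(@CANCEL)
   If err == 0
      FileWrite(h, StrCat(userPath, @TAB, newpw))
   Else
      FileWrite(h, StrCat(userPath, @TAB, "FAILED, error ", err))
   EndIf
Next
FileClose(h)
; A reset updates pwdLastSet; set it back to 0 afterwards if users must still change at next logon.
```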
Article ID: W15391
File Created: 2003:05:13:11:27:26
Last Updated: 2003:05:13:11:27:26