06.06.2008 at 03:04AM PDT, ID: 23463156

Change user's password on Active Directory through VBScript/LDAP, USING ALTERNATIVE CREDENTIALS

Asked by bottishamvc in PHP and Databases, Programming User Management, VB Script

Tags: Microsoft, Windows, 2003

I run a PHP/MySQL intranet in a school environment.  I wish to be able to allow teachers to change pupil passwords through an intranet page.  The teachers are standard users, so I need to authenticate them to LDAP as a Domain Admin user.  I gave up on connecting to LDAPS directly through PHP, as the Certificate Services simply wouldn't work, so have reverted to Plan B, which is to call a VBScript (below), using the exec() function in PHP.  I am much of the way there, as the script works when logged in as a Domain Admin, but not as a standard user.  Ideally, I guess, anyone in the security group 'Staff' would be able to change passwords without having to embed admin credentials.

The web server environment I am running is IIS on Windows 2003, with PHP.  The same server is one of many Domain Controllers, so can take direct LDAP requests.

The help I need is to be shown how to bind to Active Directory using credentials other than those of the current user.  I thought I had it with "objConnection.Properties("User ID")" etc., but my weak VBScript knowledge has taken its toll.  Any help would be very much appreciated.
Dim pUsername
Dim pPassword
 
if WScript.Arguments.Named.Item ("pUsername") <> "" then pUsername = WScript.Arguments.Named.Item ("pUsername") else pUsername = "-"
if WScript.Arguments.Named.Item ("pPassword") <> "" then pPassword = WScript.Arguments.Named.Item ("pPassword") else pPassword = "password"
 
'Find the OU of the user passed as pUsername
On Error Resume Next
Const ADS_SCOPE_SUBTREE = 2
 
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand =   CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
 
objConnection.Properties("User ID") = "domain\domainadminuser"
objConnection.Properties("Password") = "theirpassword"
objConnection.Properties("Encrypt Password") = TRUE
objConnection.Properties("ADSI Flag") = 3
 
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection
 
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE 
 
objCommand.CommandText = _
    "SELECT distinguishedName FROM 'LDAP://dc=domain,dc=local' WHERE objectCategory='user' " & _
        "AND sAMAccountName='" & pUsername & "'"
Set objRecordSet = objCommand.Execute
 
objRecordSet.MoveFirst
Do Until objRecordSet.EOF
    vOU = objRecordSet.Fields("distinguishedName").Value
    objRecordSet.MoveNext
Loop
' End find OU
 
' Reset the password of the user
Set objUser = GetObject ("LDAP://" & vOU)
 
'Set the user's initial password
objUser.SetPassword pPassword
objUser.Put "pwdLastSet", "0"
 
'Commit changes to directory
objUser.SetInfo
 

About this solution

Zones: PHP and Databases, Programming User Management, VB Script
Solution Provided By: jared_luker
Participating Experts: 2
Solution Grade: A