Solved

Reset Multiple AD account passwords

Posted on 2004-09-09
Last Modified: 2010-04-14
I'm in need of resetting about 200+ user accounts in our Win 2000 AD domain to a common password that is pre-expired.  Can someone lend a suggestion?
Question by:danielbourdeau
8 Comments
 
LVL 16

Expert Comment

by:JamesDS
ID: 12024528
danielbourdeau
You can set the passwords of multiple user accounts with a VBScript.

Go to www.15seconds.com and do a search, there are loads of scripts around that will do what you want, and set the password must be changed on next logon flag as well.

Cheers

JamesDS
0
 
LVL 76

Accepted Solution

by:
David Lee earned 1200 total points
ID: 12026093
This script should do the trick.  To use it you will need to create a text file containing the container names of the users whose passwords you want to reset.  It will only reset the passwords of the names in the file.  The file is simple: each user's container name goes on a separate line.  Copy the script and paste it into a file.  I called mine ChangePass.Vbs, but you can call yours whatever you want so long as it ends with .Vbs.  Edit the script as necessary.  I've included comments telling you where you need to change things.

Credit where credit is due.  I put this script together based on examples I've found on various web sites and from various books.  It is not a completely original creation.


---- Begin ChangePass.Vbs

Dim objFSO
Dim objUser
Dim objUserList
Dim strUserName
Dim strPassword
' Edit the line below and replace MyNewPassword with whatever password you want to use.
strPassword = "MyNewPassword"
Set objFSO = CreateObject("Scripting.FileSystemObject")
' Edit the line below and replace the file name C:\UserList.Txt with the name and path of the user list file you created.
Set objUserList = objFSO.OpenTextFile("C:\UserList.Txt", 1)   ' 1 = open for reading
Do While Not objUserList.AtEndOfStream
    strUserName = Trim(objUserList.ReadLine)
    ' Skip blank lines (for example a trailing newline at the end of the file)
    If strUserName <> "" Then
        ' Edit the line below, changing the ou= and the two dc= parameters to those for your AD domain.
        ' A comma inside a name must already be escaped in the file, e.g. Doe\, Joe
        Set objUser = GetObject("LDAP://cn=" & strUserName & ",ou=MyOU,dc=MyOrg,dc=com")
        WScript.Echo "Changing password for: " & objUser.displayName
        objUser.SetPassword strPassword
        ' Pre-expire the password: pwdLastSet = 0 forces a change at next logon
        objUser.Put "pwdLastSet", 0
        objUser.SetInfo
    End If
Loop
objUserList.Close
Set objUser = Nothing
Set objUserList = Nothing
Set objFSO = Nothing

---- End ChangePass.Vbs
0
 

Author Comment

by:danielbourdeau
ID: 12027112
Thanks for the help - this is great stuff.  I want to be sure about the input file that I need to create.  Do I need just the OUs listed on individual lines or the qualified name of each user on individual lines?
0
 
LVL 76

Expert Comment

by:David Lee
ID: 12029431
This particular code sample assumes that all the users are in one OU.  If they're not, then you can use separate username files and adjust the OU in the script before running each one, or I can modify the script so you can have the OU and username both in the file.  Your choice.  Right now the user list file just needs the account names of the users, each on a separate line.  If you're in doubt about what the account name is, use ADSIEdit to look and see what the CN= is for a user.
0
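
The variant offered in the comment above (OU and user name together in the input file), written out as an added example; it is not David Lee's code. It assumes a hypothetical input file C:\UserDNs.txt with one full distinguished name per line, pre-expires each password, and reports per-account failures instead of aborting on the first bad entry.

```vbscript
' Added example. Assumed input: C:\UserDNs.txt (hypothetical path), one full
' distinguished name per line, commas inside the CN already escaped, e.g.
'   CN=Doe\, Joe,OU=Sales,DC=MyOrg,DC=com        (constructed sample)
Option Explicit
Const ForReading = 1
Dim objFSO, objList, strDN, strPassword, intOK, intFailed

strPassword = "MyNewPassword"   ' placeholder value, as in the original script
intOK = 0
intFailed = 0

Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objList = objFSO.OpenTextFile("C:\UserDNs.txt", ForReading)
Do While Not objList.AtEndOfStream
    strDN = Trim(objList.ReadLine)
    If strDN <> "" Then
        If ResetAccount(strDN, strPassword) Then
            intOK = intOK + 1
        Else
            intFailed = intFailed + 1
        End If
    End If
Loop
objList.Close
WScript.Echo "Reset: " & intOK & "  Failed: " & intFailed

' Returns True only if the password was set AND flagged as expired.
Function ResetAccount(strUserDN, strNewPassword)
    Dim objUser
    ResetAccount = False
    On Error Resume Next
    ' ADSI treats "/" as a path separator, so escape it inside the ADsPath.
    Set objUser = GetObject("LDAP://" & Replace(strUserDN, "/", "\/"))
    If Err.Number = 0 Then objUser.SetPassword strNewPassword
    If Err.Number = 0 Then
        objUser.Put "pwdLastSet", 0     ' 0 = must change password at next logon
        objUser.SetInfo
    End If
    If Err.Number = 0 Then
        ResetAccount = True
    Else
        WScript.Echo "FAILED " & strUserDN & " (0x" & Hex(Err.Number) & "): " & Err.Description
    End If
    On Error GoTo 0
End Function
```

The script file holds the shared password in clear text, so keep it readable only by the administrator running it and delete it once the run is complete.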
 

Author Comment

by:danielbourdeau
ID: 12050948
No.  I'll just create individual files rather than you spending the time.  Very, very generous offer.  Thank you.  I do have another question.  When I make an export of the OU it gives me what appears to be the display name (first and last name) versus the account name.  What am I doing wrong?
0
 
LVL 76

Expert Comment

by:David Lee
ID: 12052602
You're welcome.  Just trying to give back something for all the help and information I've gotten off the internet over the years.

I'm typing this from a computer that doesn't have all my AD reference material on it, but what you want is the CN or Common-Name.  If you open ADSIEdit and drill down into one of your OUs, you'll see that each user entry is represented as CN=UserAccountName.  In my AD structure it looks like this:

    CN=Doe\, Joe

If you're doing an export, CN is the attribute you need.
0
 

Author Comment

by:danielbourdeau
ID: 12063358
I'm going to do an export and run the script you've provided.  Wish me luck - I'll let you know how it turns out.  Thanks again for the time and help.
0
 
LVL 76

Expert Comment

by:David Lee
ID: 12063653
Good luck!  Let me know if there's anything I can do to help.
0
