Solved

Reset Multiple AD account passwords

Posted on 2004-09-09
Last Modified: 2010-04-14
I'm in need of resetting about 200+ user accounts in our Win 2000 AD domain to a common password that is pre-expired.  Can someone lend a suggestion?
Question by:danielbourdeau
 
LVL 16

Expert Comment

by:JamesDS
ID: 12024528
danielbourdeau
You can set the passwords of multiple user accounts with a VBScript

Go to www.15seconds.com and do a search, there are loads of scripts around that will do what you want, and set the password must be changed on next logon flag as well.

Cheers

JamesDS
0
 
LVL 76

Accepted Solution

by:
David Lee earned 300 total points
ID: 12026093
This script should do the trick.  To use it you will need to create a text file containing the container names of the users whose passwords you want to reset.  It will only reset the passwords of the names in the file.  The file is simple, each user's container name goes on a separate line.  Copy the script and paste it into a file.  I called mine ChangePass.Vbs, but you can call yours whatever you want so long as it ends with .Vbs.  Edit the script as necessary.  I've included comments telling you where you need to change things.

Credit where credit is due.  I put this script together based on examples I've found on various web sites and from various books.  It is not a completely original creation.


---- Begin ChangePass.Vbs

Dim objFSO
Dim objUser
Dim objUserList
Dim strUserName
Dim strPassword
' Edit the line below and replace MyNewPassword with whatever password you want to use.
strPassword = "MyNewPassword"
Set objFSO = Createobject("Scripting.FileSystemObject")
' Edit the line below and replace the file name C:\UserList.Txt with the name and path of the user list file you created.
Set objUserList = objFSO.OpenTextFile("C:\UserList.Txt",1)
Do While Not objUserList.AtEndOfStream
    strUserName = objUserList.Readline
    ' Edit the line below changing the ou= and the two dc= parameters to those for your AD domain
    Set objUser = GetObject("LDAP://cn=" & strUserName & ",ou=MyOU,dc=MyOrg,dc=com")
    Wscript.Echo "Changing password for: " & objUser.displayName
    objUser.SetPassword strPassword
    ' Expire the new password so the user must change it at next logon
    objUser.Put "pwdLastSet", 0
    objUser.SetInfo
Loop
objUserList.Close
Set objUser = Nothing
Set objUserList = Nothing
Set objFSO = Nothing
0
 

Author Comment

by:danielbourdeau
ID: 12027112
Thanks for the help - this is great stuff.  I want to be sure about the input file that I need to create.  Do I need just the OU's listed on individual lines or the qualified name of each user on individual lines?
0
 
LVL 76

Expert Comment

by:David Lee
ID: 12029431
This particular code sample assumes that all the users are in one OU.  If they're not, then you can use separate username files and adjust the OU in the script before running each one, or I can modify the script so you can have the OU and username both in the file.  Your choice.  Right now the user list file just needs the account names of the users, each on a separate line.  If you're in doubt about what the account name is, use ADSIEdit to look and see what the CN= is for a user.  
0

Author Comment

by:danielbourdeau
ID: 12050948
No.  I'll just create individual files rather than you spending the time.  Very, very generous offer.  Thank you.  I do have another question.  When I make an export of the OU it gives me what appears to be the display name (first and last name) versus the account name.  What am I doing wrong?
0
 
LVL 76

Expert Comment

by:David Lee
ID: 12052602
You're welcome.  Just trying to give back something for all the help and information I've gotten off the internet over the years.

I'm typing this from a computer that doesn't have all my AD reference material on it, but what you want is the CN or Common-Name.  If you open ADSIEdit and drill down into one of your OU's, you'll see that each user entry is represented as CN=UserAccountName.  In my AD structure it looks like this:

    CN=Doe\, Joe

If you're doing an export, CN is the attribute you need.
0
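An added example, not part of the original thread or any poster's script: a variant of the reset script that takes the OU per user (the option offered above), escapes CN values such as "Doe, Joe" before building the DN, expires each new password, and reports failures per account instead of stopping at the first bad entry. The tab-separated file layout and the EscapeRdn helper are assumptions made for this example; the password and file path are the placeholders used in the thread.

```vbscript
Option Explicit
' Assumed input (constructed format): one user per line, "CN<TAB>OU path", e.g.
'   Doe, Joe<TAB>ou=Sales,dc=MyOrg,dc=com
' The CN is the raw attribute value as exported; it is escaped below.
Dim objFSO, objList, objUser, arrParts, strDN, strPassword, lngOk, lngFailed
strPassword = "MyNewPassword"        ' placeholder, replace before use
lngOk = 0 : lngFailed = 0
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objList = objFSO.OpenTextFile("C:\UserList.Txt", 1)

Do While Not objList.AtEndOfStream
    arrParts = Split(objList.ReadLine, vbTab)
    If UBound(arrParts) <> 1 Then
        WScript.Echo "SKIPPED (expected CN<TAB>OU): " & Join(arrParts, vbTab)
        lngFailed = lngFailed + 1
    Else
        strDN = "cn=" & EscapeRdn(Trim(arrParts(0))) & "," & Trim(arrParts(1))
        On Error Resume Next
        Set objUser = GetObject("LDAP://" & strDN)
        ' Each step runs only if everything before it succeeded.
        If Err.Number = 0 Then objUser.SetPassword strPassword
        If Err.Number = 0 Then objUser.Put "pwdLastSet", 0   ' must change at next logon
        If Err.Number = 0 Then objUser.SetInfo
        If Err.Number = 0 Then
            lngOk = lngOk + 1
        Else
            WScript.Echo "FAILED " & strDN & ": 0x" & Hex(Err.Number) & " " & Err.Description
            lngFailed = lngFailed + 1
        End If
        Err.Clear
        On Error GoTo 0
    End If
Loop
objList.Close
WScript.Echo lngOk & " reset, " & lngFailed & " failed or skipped"

' Backslash-escape characters that are special inside an RDN value,
' plus "/" which ADSI treats as special in an LDAP:// path.
Function EscapeRdn(strValue)
    Dim i, ch, strOut
    strOut = ""
    For i = 1 To Len(strValue)
        ch = Mid(strValue, i, 1)
        If InStr(",+""\<>;=/", ch) > 0 Or (i = 1 And ch = "#") Then strOut = strOut & "\"
        strOut = strOut & ch
    Next
    EscapeRdn = strOut
End Function
```

Run it with cscript so the per-account messages go to the console rather than to message boxes, and review the FAILED lines before assuming all accounts were reset.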
 

Author Comment

by:danielbourdeau
ID: 12063358
I'm going to do an export and run the script you've provided.  Wish me luck - I'll let you know how it turns out.  Thanks again for the time and help.
0
 
LVL 76

Expert Comment

by:David Lee
ID: 12063653
Good luck!  Let me know if there's anything I can do to help.
0