Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 383
  • Last Modified:

Reset Multiple AD account passwords

I'm in need of resetting about 200+ user accounts in our Win 2000 AD domain to a common password that is pre-expired.  Can someone lend a suggestion?
0
danielbourdeau
Asked:
danielbourdeau
  • 4
  • 3
1 Solution
 
JamesDSCommented:
danielbourdeau
You can set the passwords of multiple user accounts with a VBScript

Go to www.15seconds.com and do a search, there are loads of scripts around that will do what you want, and set the password must be changed on next logon flag as well.

Cheers

JamesDS
0
 
David LeeCommented:
This script should do the trick.  To use it you will need to create a text file containing the container names of the user's whose passwords you want to reset.  It will only reset the passwords of the names in the file.  The file is simple, each user's container name goes on a separate line.  Copy the script and paste it into a file.  I called mine ChangePass.Vbs, but you can call yours whatever you want so long as it ends with .Vbs.  Edit the script as necessary.  I've included comments telling you where you need to change things.

Credit where credit is due.  I put this script together based on examples I've found on various web sites and from various books.  It is not a completely original creation.


---- Begin ChangePass.Vbs

Dim objFSO
Dim objUser
Dim objUserList
Dim strUserName
Dim strPassword
' Edit the line below and replace MyNewPassword with whatever password you want to use.
strPassword = "MyNewPassword"
Set objFSO = Createobject("Scripting.FileSystemObject")
' Edit the line below and replace the file name C:\UserList.Txt with the name and path of the user list file you created.
Set objUserList = objFSO.OpenTextFile("C:\UserList.Txt",1)
Do While Not objUserList.AtEndOfStream
    strUserName = objUserList.Readline
    ' Edit the line below chnging the ou= and the two dc= parameters to those for your AD domain
    Set objUser = GetObject("LDAP://cn=" & strUserName & ",ou=MyOU,dc=MyOrg,dc=com")
    Wscript.Echo "Changing password for: " & objUser.displayName
    objUser.SetPassword strPassword
Loop
objUserList.Close
Set objUser = Nothing
Set objUserList = Nothing
Set objFSO = Nothing
0
 
danielbourdeauAuthor Commented:
Thanks for the help - this is great stuff.  I want to be sure about the input file that I need to create.  Do I need just the OU's listed on individual lines or the qualified name of each user on individual lines?
0
Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

 
David LeeCommented:
This particular code sample assumes that all the users are in one OU.  If they're not, then you can use separate username files and adjust the OU in the script before running each one, or I can modify the script so you can have the OU and username both in the file.  You're choice.  Right now the user list file just needs the account names of the users, each on a separate line.  If you're in doubt about what the account name is, use ADSIEdit to look and see what the CN= is for a user.  
0
 
danielbourdeauAuthor Commented:
No.  I'll just create individual files rather than you spending the time.  Very, very generous offer.  Thank you.  I do have another question.  When I make an export of the OU it gives me what appears to be the display name (first and last name) versus the account name.  What am I doing wrong?
0
 
David LeeCommented:
You're welcome.  Just trying to give back something for all the help and information I've gotten off the internet over the years.

I'm typing this from a computer that doesn't have all my AD reference material on it, but what you want is the CN or Common-Name.  If you open ADSIEdit and drill down into one of your OU's, you'll see that each user entry is represented as CN=UserAccountName.  In my AD structure it looks like this:

    CN=Doe\, Joe

If you're doing an export, CN is the attribute you need.
0
 
danielbourdeauAuthor Commented:
I'm going to do an export and run the script you've provided.  Wish me luck - I'll let you know how it turns out.  Thanks again for the time and help.
0
 
David LeeCommented:
Good luck!  Let me know if there's anything I can do to help.
0

Featured Post

[Webinar] Database Backup and Recovery

Does your company store data on premises, off site, in the cloud, or a combination of these? If you answered “yes”, you need a data backup recovery plan that fits each and every platform. Watch now as as Percona teaches us how to build agile data backup recovery plan.

  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now