Solved

WSCRIPT / ADSI / Password Reset

Posted on 2006-10-29
6
1,374 Views
Last Modified: 2008-01-09
Hi,

I am looking for some guidance, I currently have the following script that I want to use to bind to an AD DC.  This will then reset the password for the specified, account.  The reason the credentials are being specified is because the script will be used to access many other domains as well as the one the server is a member of.

However myscript always fails on the objUser.SetPassword line, with an error of Access Denied.  Now the user being used to bind to AD does have the privilges to change this, as it is an enterprise admin, and doing so thru ADUC works fine.

I am guessing that my binding to AD is either unsuccessful, and resulting in the use of the locally logged on credentials, or it is not binding at all...

However if I replace the objUser.SetPassword (strNewPasswd) with   "Wscript.Echo objUser.AdsPath"  the script promptly returns the DN of the account in question...

Any ideas??

Cheers,
Tony


-----------
Set objRootDSE = GetObject("LDAP://servername.domain.suffix/RootDSE")


####
Credentials Used to Bind to AD with
####
strPath = "LDAP://CN=UserName,OU=CompanyUsers,DC=domain,DC=suffix"
strUser = "username@domain.suffix"
strPasswd = "Password1"



####
Account I want to have the password reset
####
strUserDN = " CN=Username2, OU=CompanyUsers, DC=domain,DC=suffix"
strNewPasswd = "Password!"

Set objUser = GetObject("LDAP://" & strUserDN)
objUser.GetInfo
objUser.SetPassword (strNewPasswd)
objUser.SetInfo


------------
0
Comment
Question by:ihotdesk
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
6 Comments
 
LVL 3

Author Comment

by:ihotdesk
ID: 17830313
Please also note that the lines beginning with  #### and the comments inbetween are not present inthe script and are only a means of highlighting text for the purposes of this question

Cheers,
Tony
0
 
LVL 4

Expert Comment

by:KPCarl
ID: 17830494
Looks like you aren't setting the credentials...

Try:

Set objDSO = GetObject("LDAP:")
Set objUser = objDSO.OpenDSObject(strPath, strUser, strPasswd,0}
     
0
 
LVL 4

Expert Comment

by:KPCarl
ID: 17830501
Correction:

Set objDSO = GetObject("LDAP:")
Set objUser = objDSO.OpenDSObject(strPath, strUser, strPasswd,0)
0
 
LVL 4

Accepted Solution

by:
KPCarl earned 500 total points
ID: 17830533
Use this if you want to encrypt traffic: between your computer and the domain:


Const ADS_SECURE_AUTHENTICATION = 1
Const ADS_USE_ENCRYPTION = 2


Set objDSO = GetObject("LDAP:")
Set objUser = objDSO.OpenDSObject (strPath, strUser, strPasswd, _
ADS_USE_ENCRYPTION OR ADS_SECURE_AUTHENTICATION)

0

Featured Post

Comparison of Amazon Drive, Google Drive, OneDrive

What is Best for Backup: Amazon Drive, Google Drive or MS OneDrive? In this free whitepaper we look at their performance, pricing, and platform availability to help you decide which cloud drive is right for your situation. Download and read the results of our testing for free!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
What is this Task? 4 182
DHCP server 6 68
Questions about DHCP migration 5 118
Domain Controller/ Old server 9 71
The HP utility "HP Lights-Out Online Configuration Utility for Windows Server 2003/2008" could be of great use when it comes to remotely configure a HP servers ILO WITHOUT rebooting the server. We would only need to create and run scripts using thi…
by Batuhan Cetin In this article I will be guiding through the process of removing a failed DC metadata from Active Directory (hereafter, AD) using the ntdsutil tool in a Windows Server 2003 environment. These steps are not necessary in a Win…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question