Solved

Password unlock/reset solution?

Posted on 2007-11-23
14
2,272 Views
Last Modified: 2013-11-25
I'm a network admin of and Active Directory environment w/ over 150 users We get a lot of tickets for account unlocks. I've seen tons of commercial products (small list below) but quite frankly the pay per user pricing model is absurd.

There are a couple of tutorials out there on how to design your own but I'm no coder.

We have a 15 minutes timeout but that's a lot of lost production time.  And I have 150, but we have another office of 80, and another of 300.  And even though we might only get 1 or 2 tickets a day, that adds up.

As to how they would get to such a page if they're locked out?  1) they could use a neighbor's computer or 2) I could potentially setup a little kiosk workstation for the sole purpose of account unlocks.

Not a comprehensive list by a longshot, but here is just a sampling of the tools I've found that do the job, all of which want to be paid far more than I think is appropriate. After all, I think a good coder could do this in a single day, just setup an ASP page that allows a user to enter an email address, answer a secret question, and if the user provides the correct answer is allowed to unlock or change their password. Just write the data to a little Access database! Oh well...

-NewWrix's Password Manager
-TheDotNetFactory's EmpowerID
-Self Service Admin
-ManageEngine
- ADSelfService Plus
-NetIQ's Secure Password Admin
-Avatier's Password Management
-ADVToolware's SSRPM
-Tools4Ever's Self Service Reset Password Management
0
Comment
Question by:ista_na
14 Comments
 
LVL 11

Expert Comment

by:bsharath
ID: 20341832
TO make a short note on what i have understood...
Are you looking for a script to reset the password.Thats a free of cost solution.
0
 
LVL 38

Expert Comment

by:ChiefIT
ID: 20342152
If you are a domain admin, there are a few things I would recommend for your application.

If computer users are locked out and can log on to another computer using the same credentials for a domain logon, that sounds like cached credentials. As a domain administrator, I would select a GPO to disable saved passwords on the machine. That will probably cut your lockouts to less than half.

I believe you can also reduce the lockout period by using a GPO.

After that, it depends on what you want to do with resetting passwords. Resetting passwords in active directory shouldn't take very long at all. I am not certain what you want to do to reset passwords. Do you want to reset the Active Directory credential password or the local password?
0
 

Author Comment

by:ista_na
ID: 20342577
bsharath: yes either a free or inexpensive way to implement password changes and unlocks from a web interface.  Some of the solutions I've found would cost upwards of $8,000 which I find ridiculous.

ChiefIT:  I don't like the idea of disabling cached passwords.  What about laptops?  And I don't see how that would cut lockouts down, either.  If a user forgets his/her password it has little to do with whether or not it's cached.  The lockout period is determined by management so my hands are tied there.  And yes I know it doesn't take long to reset an Active Directory password, but I still can't find an affordable way to do so from  a web interface.
0
 
LVL 12

Expert Comment

by:chandru_sol
ID: 20342765
Try this...........

Save this file as UserAdm.hta

regards
Chandru
<html> 

<head>

<title>Simple Active Directory User Management</title>

<script>

window.resizeTo(347,130)

window.moveTo(330,220)

</script>

<HTA:APPLICATION

ApplicationName="UserAdm.hta"

singleInstance="yes"

icon="c:\windows\msagent\agentsvr.exe"

minimizebutton="no"

maximizebutton="no"

border="thick"

borderStyle="sunken"

sysMenu="yes"

scroll="no"

></HTA:APPLICATION>

</head>
 

<HEAD>

<SCRIPT language="vbscript">

Sub bt1Go_onclick()
 

'** Declarations:'

Dim OPR, DM, USR, strNTName, strUserDN, strNM, objUser, TNP, EROR, ABS

Dim objNetwork, objShell, objFSO
 

'** Objects:'

Set objNetwork = CreateObject("WScript.Network")

Set objShell = CreateObject("Wscript.Shell")

Set objFSO = CreateObject("Scripting.FileSystemObject")
 

'** User/Domain:'

OPR = objNetwork.UserName

DM = objNetwork.UserDomain & "\"
 

'** Type username for the user that needs password change:'

USR = InputBox("Username:", "Create Temporary Active Directory User Password", _

"Write Username Here")
 

'** Prevent run-time errors:'

On Error Resume Next
 

'** NameTranslate constants:'

Const ADS_NAME_INITTYPE_GC = 3

Const ADS_NAME_TYPE_NT4 = 3

Const ADS_NAME_TYPE_1779 = 1
 

'** Combine the user name and domain name:'

strNTName = DM & USR

strNT2 = DM & OPR
 

'** Translate operator name into DN:'

Set objTrans2 = CreateObject("NameTranslate")

objTrans2.Init ADS_NAME_INITTYPE_GC, ""

objTrans2.Set ADS_NAME_TYPE_NT4, strNT2

strUserDN2 = objTrans2.Get(ADS_NAME_TYPE_1779)

Set objUser2 = GetObject("LDAP://" & strUserDN2)

strUS3 = Mid(strUserDN2,4)

strUS4 = Split(strUS3, ",")

For i = LBound(strUS4) to UBound(strUS4)

strNM2 = strUS4(i)

Exit For

Next
 

'** Translate username into DN:'

Set objTrans = CreateObject("NameTranslate")

objTrans.Init ADS_NAME_INITTYPE_GC, ""

objTrans.Set ADS_NAME_TYPE_NT4, strNTName

If Err <> 0 Then

ABS = 1

End If
 

'** Execute if object is found:'

If ABS <> 1 Then

strUserDN = objTrans.Get(ADS_NAME_TYPE_1779)
 

'** Do LDAP bind to object:'

Set objUser = GetObject("LDAP://" & strUserDN)
 

'** Get full name:'

strUS1 = Mid(strUserDN,4)

strUS2 = Split(strUS1, ",")

For i = LBound(strUS2) to UBound(strUS2)

strNM = strUS2(i)

Exit For

Next
 

'** Assign password and parameters:'

If strNM <> "" Then

TNP = "changeme" & Mid(objFSO.GetTempName,4,4)

objUser.SetPassword TNP

If Err <> 0 Then

EROR = 1

End If

objUser.Put "pwdLastSet", 0

objUser.IsAccountLocked = False

objUser.SetInfo

End If
 

'** If no error, show new temporary password:'

If EROR <> 1 Then

MsgBox "New temporary password for " & UCase(USR) & " (" & strNM & "):" & _

vbCrLf & vbCrLf & TNP & vbCrLf, 64, "New Password, configured by " & strNM2

End If
 

End If
 

'** End if object not found:'

If ABS = 1 Then

MsgBox UCase(USR) & " was not found. Please try again.", _

48, "Unknown Username"

End If
 

'** If no permission, give message:'

If EROR = 1 Then

MsgBox "You can not change password for this user.", _

48, "Permission Denied"

Wscript.Quit

End If
 

End Sub

</SCRIPT>

</HEAD>
 

<HEAD>

<SCRIPT language="vbscript">

Sub bt2Go_onclick()
 

'** Declarations:'

Dim OPR, DM, USR, strNTName, strUserDN, strNM, objUser, TNP, DENY, POS, NEG

Dim objNetwork, objShell
 

'** Objects:'

Set objNetwork = CreateObject("WScript.Network")

Set objShell = CreateObject("Wscript.Shell")
 

'** User/Domain:'

OPR = objNetwork.UserName

DM = objNetwork.UserDomain & "\"
 

'** Write username for the user that needs to be enabled or disabled:'

USR = InputBox("Username:", "Enable or Disable Active Directory User", _

"Write Username Here")
 

'** Prevent run-time errors:'

On Error Resume Next
 

'** Declare NameTranslate constants:'

Const ADS_NAME_INITTYPE_GC = 3

Const ADS_NAME_TYPE_NT4 = 3

Const ADS_NAME_TYPE_1779 = 1
 

'** Combine the user name and domain name:'

strNTName = DM & USR

strNT2 = DM & OPR
 

'** Translate operator name into DN:'

Set objTrans2 = CreateObject("NameTranslate")

objTrans2.Init ADS_NAME_INITTYPE_GC, ""

objTrans2.Set ADS_NAME_TYPE_NT4, strNT2

strUserDN2 = objTrans2.Get(ADS_NAME_TYPE_1779)

Set objUser2 = GetObject("LDAP://" & strUserDN2)

strUS3 = Mid(strUserDN2,4)

strUS4 = Split(strUS3, ",")

For i = LBound(strUS4) to UBound(strUS4)

strNM2 = strUS4(i)

Exit For

Next
 

'** Translate name into DN:'

Set objTrans = CreateObject("NameTranslate")

objTrans.Init ADS_NAME_INITTYPE_GC, ""

objTrans.Set ADS_NAME_TYPE_NT4, strNTName

strUserDN = objTrans.Get(ADS_NAME_TYPE_1779)
 

'** Do LDAP bind to object:'

Set objUser = GetObject("LDAP://" & strUserDN)
 

'** Get full name:'

strUS1 = Mid(strUserDN,4)

strUS2 = Split(strUS1, ",")

For i = LBound(strUS2) to UBound(strUS2)

strNM = strUS2(i)

Exit For

Next
 

'** If no error, enable or disable user:'

If Err = 0 Then

Const ADS_UF_ACCOUNTDISABLE = 2

intUAC = objUser.Get("userAccountControl")

objUser.Put "userAccountControl", intUAC XOR ADS_UF_ACCOUNTDISABLE

objUser.SetInfo

If intUAC AND ADS_UF_ACCOUNTDISABLE Then

POS = 1

Else

NEG = 1

End If

Else

objShell.Popup UCase(USR) & " was not found. Please try again.", _

5, "Unknown Username", 48

Wscript.Quit

End If
 

'** If no permission, give message:'

If Err = "-2147024891" Then

DENY = 1

objShell.Popup "You can not enable or disable this user.", _

5, "Permission Denied", 48

Wscript.Quit

End If
 

'** If no error, show result:'

If DENY <> 1 Then

If POS = 1 Then

MsgBox UCase(USR) & " were successfully enabled.", _

64, "User enabled by " & strNM2

End If
 

If NEG = 1 Then

MsgBox UCase(USR) & " were successfully disabled.", _

64, "User disabled by " & strNM2

End If

End If
 

End Sub

</SCRIPT>

</HEAD>
 

<body bgcolor="#003366">

<table border="1" id="table1" bgcolor="#EEEEEE" bordercolorlight="#C0C0C0" bordercolordark="#666699" bordercolor="#C0C0C0">

<tr>

<td width="266"><b><font face="Verdana" size="2" color="#800000">Change User Password</font></b></td>

<td align="center"><input type="button" value=" " name="bt1Go"></td>

</tr>

<tr>

<td width="266"><b><font face="Verdana" size="2" color="#800000">Enable or Disable User</font></b></td>

<td align="center"><input type="button" value=" " name="bt2Go"></td>

</tr>

</table>

</body>

</html> 

Open in new window

0
 

Author Comment

by:ista_na
ID: 20342922
I tried that, but it kept saying "user not found" no matter which user I tried any with any combination (user, domain\user, user@domain.com, etc).  Also I'm looking for a solution that would allow a user to authenticate themselves via a pre-answered secret question.
0
 
LVL 12

Expert Comment

by:chandru_sol
ID: 20342929
Are you trying with your admin account who has rights to change the password or unlock account?


"Authenticate users via a pre-asnwered secret question" -- I didn't understand this

regards
Chandru
0
 

Author Comment

by:ista_na
ID: 20342987
Ok it's like this.  You work for North Central Positronics.  Your network admin tells you to sign up for th password unlock page and you do so.  Then a week later you forget your Windows password.  Then you can get on another computer, go to http://passreset.northcentralpositronics.com, and enter your username and it'll ask you your secret question:  "What is your dog's maiden name?"

Then you say to yourself, who *did* my  dog marry, and what *was* her maiden name?

Once you remember you answer and if correct, you are presented with 2 options:  Unlock your account, or reset your password.
0
Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

 
LVL 12

Accepted Solution

by:
chandru_sol earned 500 total points
ID: 20342995
I think that cannot be done.

User will not have the rights to write password or unlock attributes.

You can try this HTA which works

regards
Chandru
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">

<meta name="description" content="Created by David Larsen and Mike Gormley">

<meta name="description" content="Version Number: Beta2">

<meta name="description" content="Last Update: 11/28/06">

<title>ADUC User Grab</title>

<script language="vbscript">
 

'This Sub controls various settings when the HTA is launched.

Sub window_OnLoad()

'On Error Resume Next

	'Set window size

	self.ResizeTo 675,525

	BaseUserInfo.innerhtml = "<center><br>User account information will display in this area once searched<br></center>"

End Sub
 

'This Sub contains the code behind the userid search button

Sub useridsearch
 

'Define Constant and declare variables

Const ADS_UF_ACCOUNTDISABLE = &H02

Const ADS_UF_PASSWD_CANT_CHANGE = &H40

Const ADS_UF_LOCKOUT = &H10

Const ADS_UF_DONT_EXPIRE_PASSWD = &H10000

Const SEC_IN_DAY = 86400

acctdisable = "Enabled"

acctlocked = "Not Locked"

strPasswordSet = ""
 

' Use ADO to search Active Directory.

Set objConnection = CreateObject("ADODB.Connection")

Set objCommand = CreateObject("ADODB.Command")

objConnection.Provider = "ADsDSOOBject"

objConnection.Open "Active Directory Provider"

Set objCommand.ActiveConnection = objConnection
 

' Determine the DNS domain from the RootDSE object.

Set objRootDSE = GetObject("LDAP://RootDSE")

strDNSDomain = objRootDSE.Get("DefaultNamingContext")

strFilter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=" & struserid.value & "))"

strQuery = "<LDAP://" & strDNSDomain & ">;" & strFilter _

  & ";sAMAccountName, distinguishedName, UserAccountControl, CN, l, mail, Department, telephoneNumber, Title, employeeid;subtree"
 

objCommand.CommandText = strQuery

objCommand.Properties("Page Size") = 750

objCommand.Properties("Timeout") = 60

objCommand.Properties("Cache Results") = False
 

' Enumerate all users. Check if accounts disabled.

Set objRecordset = objCommand.execute

x = 0

Do Until objRecordset.EOF

	'if user is found, set strusrpath to full DN name

	intFlag = objRecordSet.Fields("userAccountControl")

	lngFlag = objRecordSet.Fields("userAccountControl")

	strusrpath = objrecordset.fields("distinguishedName")

	Txt_userdn = strusrpath

	Txt_userid = objRecordSet.Fields("SamAccountName")

	Txt_userempid = objRecordSet.fields("employeeid")

	Txt_usercn = objRecordSet.fields("cn")

	Txt_userAC = objRecordSet.fields("UserAccountControl")

	Txt_userDept = objRecordSet.fields("Department")

	Txt_userTitle = objRecordSet.fields("Title")

	Txt_userCity = objRecordSet.fields("l")

	Txt_userEMail = objRecordSet.fields("mail")

	Txt_userPhone = objRecordSet.fields("telephoneNumber")

	strPasswordset = "<hr><font color=""#fcff00""><b>Reset User Password:</b></font> <input type=""password"" name=""password""> <input id=passreset  class=""button"" type=""button"" value=""Change Password"" name=""changepass""  onClick=""ChangePassword"">"
 

	If (intFlag And ADS_UF_ACCOUNTDISABLE) <> 0 Then

		acctdisable = "Disabled"

	End If

	Set objUser = GetObject("LDAP://" & strusrpath & "")

	intUAC = objUser.Get("UserAccountControl")
 

	If objUser.IsAccountLocked = True Then

		strPasswordset = strPasswordset & " <input id=unlock class=""button"" type=""button"" value=""Unlock Account"" name=""accunlock"" onclick=""UnlockAccount"">"

		acctlocked = "Locked"

	End If
 

	If intFlag And ADS_UF_DONT_EXPIRE_PASSWD Then

		Txt_pwdexpire = "The password <font color=""#fcff00""><b>does not</b></font> expire<br><center></center>"

	Else

		dtmValue = objUser.PasswordLastChanged 

		intTimeInterval = int(Now - dtmValue)

		'modify domain name in next line

		Set objDomainNT = GetObject("WinNT://domain")

		ntMaxPwdAge = objDomainNT.Get("MaxPasswordAge")

		intMaxPwdAge = (ntMaxPwdAge/SEC_IN_DAY)

		If intTimeInterval >= intMaxPwdAge Then

      		Txt_pwdexpire = "Password <font color=""#fcff00""><b>has</b></font> expired<br><center></center>"

    	Else

      		Txt_pwdexpire = "Password will expire in <font color=""#fcff00""><b>" & int((dtmValue + intMaxPwdAge) - now) & "</b></font> days<br><center></center>"

    	End If

   	End If

   	strBaseUserInfo = "<table border=1 cellspacing=""0"" width=""100%"">" & _

   		"<tr><td bgcolor=""#5a2378""><b>User ID</b></td><td bgcolor=""#5a2378""><b>Full Name</b></td><td bgcolor=""#5a2378""><b>Badge ID</b></td></tr>" & _

   		"<tr><td>" & Txt_userid & "</td><td>" & Txt_usercn & "</td><td>" & Txt_userempid & "</td></tr></table>"

   

   	strAddUserInfo = "<table border=1 cellspacing=""0"" width=""100%"">" & _

   		"<tr><td bgcolor=""#5a2378""><b><center>Additional Information</center></b></td></tr>" & _

   		"<tr><td><i>Title:&nbsp;&nbsp;&nbsp;&nbsp;</i>" & Txt_userTitle & _ 

   			"<br><i>Department:&nbsp;&nbsp;&nbsp;&nbsp;</i>" & Txt_userDept & _

   			"<br><i>City:&nbsp;&nbsp;&nbsp;&nbsp;</i>" & Txt_userCity & _

   			"<br><i>Telephone:&nbsp;&nbsp;&nbsp;&nbsp;</i>" & Txt_userPhone  & _

   			"<br><i>E-Mail:&nbsp;&nbsp;&nbsp;&nbsp;</i>"& Txt_userEMail & _

   			"</td></tr></table>"

   

   	strAccUserStatus = "<table border=1 cellspacing=""0"" width=""100%"">" & _

   		"<tr><td bgcolor=""#5a2378""><b><center>Account Status</center></b></td></tr>" & _

   		"<tr><td><i>This account is:&nbsp;</i><font color=""#fcff00""><b>" & acctdisable & "</b></font>" & _

   			"<br><i>This account is:&nbsp;</i><font color=""#fcff00""><b>" & acctlocked & "</b></font>" & _

   			"<br><i>" & Txt_pwdexpire & "</i>" & _

   			"</td></tr></table>" 

   	x=x+1

	objRecordset.MoveNext

Loop

If x = 0 Then

    strBaseUserInfo = "<br><center><font size=5>The requested username<br><marquee SCROLLAMOUNT=""15""><font size=7 color=""#fcff00""><img src=""error.gif"" align=""middle"">" & struserid.value &"<img src=""error.gif"" align=""middle""></font></marquee><br>is not found in Active Directory</font></center>"

Else
 

End If

BaseUserInfo.innerhtml = strBaseUserInfo

AddUserInfo.innerhtml = strAddUserInfo

AccUserStatus.innerhtml = strAccUserStatus

AdditionalOptions.innerhtml = strpasswordset

End Sub
 

Sub LastSearch

AddUserInfo.innerhtml = ""

AccUserStatus.innerhtml = ""

AdditionalOptions.innerhtml = ""

acctdisable = "Enabled"

acctlocked = "Not Locked"

' Use ADO to search Active Directory.

Set objConnection = CreateObject("ADODB.Connection")

Set objCommand = CreateObject("ADODB.Command")

objConnection.Provider = "ADsDSOOBject"

objConnection.Open "Active Directory Provider"

Set objCommand.ActiveConnection = objConnection
 

' Determine the DNS domain from the RootDSE object.

Set objRootDSE = GetObject("LDAP://RootDSE")

strDNSDomain = objRootDSE.Get("DefaultNamingContext")

strFilter = "(&(objectCategory=person)(objectClass=user)(sn=" & struserid.value & "))"

strQuery = "<LDAP://" & strDNSDomain & ">;" & strFilter _

  & ";sAMAccountName,distinguishedname,userAccountControl,cn"
 

objCommand.CommandText = strQuery

objCommand.Properties("Page Size") = 750

objCommand.Properties("Timeout") = 60

objCommand.Properties("Cache Results") = False
 

' Enumerate all users. Check if accounts disabled.

Set objRecordset = objCommand.execute

x = 0

strBaseUserInfo = "<table border=1 cellspacing=""0"" width=""100%"">" & _

 		"<tr><td bgcolor=""#5a2378""><b>Full Name</b></td><td bgcolor=""#5a2378""><b>User ID</b></td><td bgcolor=""#5a2378""><b>Search User</b></td></tr>"
 

Do Until objRecordset.EOF

	Txt_userid = objRecordSet.Fields("SamAccountName")

	Txt_fullname = objRecordset.Fields("cn")

	strBaseUserInfo = strBaseUserInfo & "<tr><td>" & Txt_fullname & "</td><td>" & Txt_userid & "</td><td> <input id=""changeid"" type=""button"" value=""Search UserID"" name=""useridmod""  onClick= ""GetUser('" & Txt_userid & "')""> </td></tr>"

	x=x+1

	objRecordset.MoveNext

Loop

If x = 0 Then

    strBaseUserinfo = "<br><center>The lastname " & struserid &" is not found in Active Directory.<br><img src=""lasterror.gif""></center>"

End If

strBaseUserInfo = strBaseUserInfo & "</table>"

BaseUserInfo.innerhtml = strBaseUserInfo

End Sub
 

Sub ChangePassword

'Connect to Active directory And check user to be cloned exists

'must enter strUserid = username

Set objConnection = CreateObject("ADODB.Connection")

objConnection.Open "Provider=ADsDSOObject;"

Set objCommand = CreateObject("ADODB.Command")

objCommand.ActiveConnection = objConnection

objcommand.commandtext = _

 "<LDAP://DC=ads,DC=trilegiant,DC=com>;" & _

  "(&(objectCategory=person)(objectClass=user)" & _

            "(sAMAccountName=" & struserid.value &"));" & _

                "sAMAccountName, distinguishedName;subtree"

Set objRecordSet = objCommand.Execute

If objRecordSet.RecordCount = 0 Then

    strHTML = "The username " & struserid.value &" is not found in Active Directory.  Press OK to exit"

    'WScript.quit

Else

    While Not objRecordset.EOF

    	userdn = objRecordSet.fields("distinguishedname")

		Set objUser = GetObject("LDAP://" & userdn & "")

		objUser.SetPassword password.value

		objUser.SetInfo

		On Error Resume Next

		If Err.Number <> 0 Then

			MsgBox(Err.Number & " " & Err.Description)

		Else

			MsgBox("Password Changed Successfully")

		End If        

        objRecordset.MoveNext

    Wend

End If

End Sub
 

Sub UnlockAccount

'Connect to Active directory And check user to be cloned exists

'must enter strUserid = username

Set objConnection = CreateObject("ADODB.Connection")

objConnection.Open "Provider=ADsDSOObject;"

Set objCommand = CreateObject("ADODB.Command")

objCommand.ActiveConnection = objConnection

objcommand.commandtext = _

 "<LDAP://DC=ads,DC=trilegiant,DC=com>;" & _

  "(&(objectCategory=person)(objectClass=user)" & _

            "(sAMAccountName=" & struserid.value &"));" & _

                "sAMAccountName, distinguishedName;subtree"

Set objRecordSet = objCommand.Execute

If objRecordSet.RecordCount = 0 Then

    strHTML = "The username " & struserid.value &" is not found in Active Directory.  Press OK to exit"

    'WScript.quit

Else

    While Not objRecordset.EOF

    	userdn = objRecordSet.fields("distinguishedname")

		Set objUser = GetObject("LDAP://" & userdn & "")

		objUser.IsAccountLocked = False

		objUser.SetInfo

		On Error Resume Next

		If Err.Number <> 0 Then

			MsgBox(Err.Number & " " & Err.Description)

		Else

			MsgBox("Account Unlocked")

		End If        

        objRecordset.MoveNext

    Wend

End If

End Sub
 

Function GetUser(strID)

Struserid.Value = strID

Call useridsearch

End Function
 

</script>

<hta:application

	applicationname="ADUCUserGrab"	

	border="thin"

	borderstyle="normal"

	caption="ADUC User Grab"

	contextmenu="yes"

	icon="aduc_sm.ico"

	maximizebutton="no"

	minimizebutton="yes"

	navigable="yes"

	scroll="yes"

	selection="yes"

	showintaskbar="yes"

	singleinstance="yes"

	sysmenu="yes"

	version="1.0"

	windowstate="normal"

>

</head>

<body topmargin="1" leftmargin="0" rightmargin="0" bottommargin="1" bgcolor="#074075" text="#FFFFFF">

<table border="0" width="640" cellspacing="0" cellpadding="0">

	<tr>

		<td align="center" valign="top" height="110" bgcolor="#074075">

			<i>Enter the <u>userid</u> or <u>last name</u> below and click appropriate search.</i><br>

			<input type="text" name="StrUserid" size="20">

			<input id=idsearchbutton  class="button" type="button" value="Search On UserID" name="userid"  onClick="useridsearch">

			<input id=lastsearchbutton  class="button" type="button" value="Search On Last Name" name="lastname"  onClick="LastSearch">

		</td>

	</tr>

	<tr>

		<td valign="top" height="300" bgcolor="#1d5087">

			<Div id="BaseUserInfo"></Div>

			<br>

			<table border="0" width="100%" cellspacing="1" cellpadding="0">

				<tr>

					<td width="60%" valign="top"><Div id="AddUserInfo"></Div></td>

					<td width="40%" valign="top"><Div id="AccUserStatus"></Div></td>

				</tr>

			</table>

		</td>

	</tr>

	<tr>

		<td valign="top" height="70" bgcolor="#074075">

			<div id="AdditionalOptions"></div>

		</td>

	</tr>

</table>

</body>

</html>

Open in new window

0
 
LVL 12

Expert Comment

by:chandru_sol
ID: 20342998
Change 182 and 87 line to suit your domain


regards
Chandru
0
 
LVL 12

Expert Comment

by:chandru_sol
ID: 20390402
Did you try this HTA which does the job?

regards
Chandru
0
 
LVL 1

Expert Comment

by:neptuneit
ID: 20473056
Chandru,

I used your HTA and it works beautifully...for me. I suppose it works because when I run it from my PC it is using my account - a domain admin. I would like to give this HTA to our helpdesk staff however. Is there a way to add credentials so that they have the ability to reset passwords? If so, is there a way to do it without showing in clear text what those credentials are?

Thanks!
0
 
LVL 12

Expert Comment

by:chandru_sol
ID: 20473159
I think we can have alternate credentials for the HTA. I will work on this and post the code

regards
Chandru
0
 
LVL 12

Expert Comment

by:chandru_sol
ID: 20485712
Can i know why Grade B, as i was busy today i thought i will work on this in the night today?

regards
Chandru
0
 
LVL 1

Expert Comment

by:First Last
ID: 30723335
For some reason when I run this script I can reset a account password, but I can't successfully unlock an account. I'm testing the script from 2003 box as the domain admin. Any ideas?
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

I worked at a US software company that used offshore contractors for ten years and offshore employees for three years. We had a positive experience and you can too.   When I interviewed people for positions in the US, I would tell them that we wor…
In this article, you will read about the trends across the human resources departments for the upcoming year. Some of them include improving employee experience, adopting new technologies, using HR software to its full extent, and integrating artifi…
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now