Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2347
  • Last Modified:

Password unlock/reset solution?

I'm a network admin of and Active Directory environment w/ over 150 users We get a lot of tickets for account unlocks. I've seen tons of commercial products (small list below) but quite frankly the pay per user pricing model is absurd.

There are a couple of tutorials out there on how to design your own but I'm no coder.

We have a 15 minutes timeout but that's a lot of lost production time.  And I have 150, but we have another office of 80, and another of 300.  And even though we might only get 1 or 2 tickets a day, that adds up.

As to how they would get to such a page if they're locked out?  1) they could use a neighbor's computer or 2) I could potentially setup a little kiosk workstation for the sole purpose of account unlocks.

Not a comprehensive list by a longshot, but here is just a sampling of the tools I've found that do the job, all of which want to be paid far more than I think is appropriate. After all, I think a good coder could do this in a single day, just setup an ASP page that allows a user to enter an email address, answer a secret question, and if the user provides the correct answer is allowed to unlock or change their password. Just write the data to a little Access database! Oh well...

-NewWrix's Password Manager
-TheDotNetFactory's EmpowerID
-Self Service Admin
-ManageEngine
- ADSelfService Plus
-NetIQ's Secure Password Admin
-Avatier's Password Management
-ADVToolware's SSRPM
-Tools4Ever's Self Service Reset Password Management
0
ista_na
Asked:
ista_na
1 Solution
 
bsharathCommented:
TO make a short note on what i have understood...
Are you looking for a script to reset the password.Thats a free of cost solution.
0
 
ChiefITCommented:
If you are a domain admin, there are a few things I would recommend for your application.

If computer users are locked out and can log on to another computer using the same credentials for a domain logon, that sounds like cached credentials. As a domain administrator, I would select a GPO to disable saved passwords on the machine. That will probably cut your lockouts to less than half.

I believe you can also reduce the lockout period by using a GPO.

After that, it depends on what you want to do with resetting passwords. Resetting passwords in active directory shouldn't take very long at all. I am not certain what you want to do to reset passwords. Do you want to reset the Active Directory credential password or the local password?
0
 
ista_naAuthor Commented:
bsharath: yes either a free or inexpensive way to implement password changes and unlocks from a web interface.  Some of the solutions I've found would cost upwards of $8,000 which I find ridiculous.

ChiefIT:  I don't like the idea of disabling cached passwords.  What about laptops?  And I don't see how that would cut lockouts down, either.  If a user forgets his/her password it has little to do with whether or not it's cached.  The lockout period is determined by management so my hands are tied there.  And yes I know it doesn't take long to reset an Active Directory password, but I still can't find an affordable way to do so from  a web interface.
0
 [eBook] Windows Nano Server

Download this FREE eBook and learn all you need to get started with Windows Nano Server, including deployment options, remote management
and troubleshooting tips and tricks

 
chandru_solCommented:
Try this...........

Save this file as UserAdm.hta

regards
Chandru
<html> 
<head>
<title>Simple Active Directory User Management</title>
<script>
window.resizeTo(347,130)
window.moveTo(330,220)
</script>
<HTA:APPLICATION
ApplicationName="UserAdm.hta"
singleInstance="yes"
icon="c:\windows\msagent\agentsvr.exe"
minimizebutton="no"
maximizebutton="no"
border="thick"
borderStyle="sunken"
sysMenu="yes"
scroll="no"
></HTA:APPLICATION>
</head>
 
<HEAD>
<SCRIPT language="vbscript">
Sub bt1Go_onclick()
 
'** Declarations:'
Dim OPR, DM, USR, strNTName, strUserDN, strNM, objUser, TNP, EROR, ABS
Dim objNetwork, objShell, objFSO
 
'** Objects:'
Set objNetwork = CreateObject("WScript.Network")
Set objShell = CreateObject("Wscript.Shell")
Set objFSO = CreateObject("Scripting.FileSystemObject")
 
'** User/Domain:'
OPR = objNetwork.UserName
DM = objNetwork.UserDomain & "\"
 
'** Type username for the user that needs password change:'
USR = InputBox("Username:", "Create Temporary Active Directory User Password", _
"Write Username Here")
 
'** Prevent run-time errors:'
On Error Resume Next
 
'** NameTranslate constants:'
Const ADS_NAME_INITTYPE_GC = 3
Const ADS_NAME_TYPE_NT4 = 3
Const ADS_NAME_TYPE_1779 = 1
 
'** Combine the user name and domain name:'
strNTName = DM & USR
strNT2 = DM & OPR
 
'** Translate operator name into DN:'
Set objTrans2 = CreateObject("NameTranslate")
objTrans2.Init ADS_NAME_INITTYPE_GC, ""
objTrans2.Set ADS_NAME_TYPE_NT4, strNT2
strUserDN2 = objTrans2.Get(ADS_NAME_TYPE_1779)
Set objUser2 = GetObject("LDAP://" & strUserDN2)
strUS3 = Mid(strUserDN2,4)
strUS4 = Split(strUS3, ",")
For i = LBound(strUS4) to UBound(strUS4)
strNM2 = strUS4(i)
Exit For
Next
 
'** Translate username into DN:'
Set objTrans = CreateObject("NameTranslate")
objTrans.Init ADS_NAME_INITTYPE_GC, ""
objTrans.Set ADS_NAME_TYPE_NT4, strNTName
If Err <> 0 Then
ABS = 1
End If
 
'** Execute if object is found:'
If ABS <> 1 Then
strUserDN = objTrans.Get(ADS_NAME_TYPE_1779)
 
'** Do LDAP bind to object:'
Set objUser = GetObject("LDAP://" & strUserDN)
 
'** Get full name:'
strUS1 = Mid(strUserDN,4)
strUS2 = Split(strUS1, ",")
For i = LBound(strUS2) to UBound(strUS2)
strNM = strUS2(i)
Exit For
Next
 
'** Assign password and parameters:'
If strNM <> "" Then
TNP = "changeme" & Mid(objFSO.GetTempName,4,4)
objUser.SetPassword TNP
If Err <> 0 Then
EROR = 1
End If
objUser.Put "pwdLastSet", 0
objUser.IsAccountLocked = False
objUser.SetInfo
End If
 
'** If no error, show new temporary password:'
If EROR <> 1 Then
MsgBox "New temporary password for " & UCase(USR) & " (" & strNM & "):" & _
vbCrLf & vbCrLf & TNP & vbCrLf, 64, "New Password, configured by " & strNM2
End If
 
End If
 
'** End if object not found:'
If ABS = 1 Then
MsgBox UCase(USR) & " was not found. Please try again.", _
48, "Unknown Username"
End If
 
'** If no permission, give message:'
If EROR = 1 Then
MsgBox "You can not change password for this user.", _
48, "Permission Denied"
Wscript.Quit
End If
 
End Sub
</SCRIPT>
</HEAD>
 
<HEAD>
<SCRIPT language="vbscript">
Sub bt2Go_onclick()
 
'** Declarations:'
Dim OPR, DM, USR, strNTName, strUserDN, strNM, objUser, TNP, DENY, POS, NEG
Dim objNetwork, objShell
 
'** Objects:'
Set objNetwork = CreateObject("WScript.Network")
Set objShell = CreateObject("Wscript.Shell")
 
'** User/Domain:'
OPR = objNetwork.UserName
DM = objNetwork.UserDomain & "\"
 
'** Write username for the user that needs to be enabled or disabled:'
USR = InputBox("Username:", "Enable or Disable Active Directory User", _
"Write Username Here")
 
'** Prevent run-time errors:'
On Error Resume Next
 
'** Declare NameTranslate constants:'
Const ADS_NAME_INITTYPE_GC = 3
Const ADS_NAME_TYPE_NT4 = 3
Const ADS_NAME_TYPE_1779 = 1
 
'** Combine the user name and domain name:'
strNTName = DM & USR
strNT2 = DM & OPR
 
'** Translate operator name into DN:'
Set objTrans2 = CreateObject("NameTranslate")
objTrans2.Init ADS_NAME_INITTYPE_GC, ""
objTrans2.Set ADS_NAME_TYPE_NT4, strNT2
strUserDN2 = objTrans2.Get(ADS_NAME_TYPE_1779)
Set objUser2 = GetObject("LDAP://" & strUserDN2)
strUS3 = Mid(strUserDN2,4)
strUS4 = Split(strUS3, ",")
For i = LBound(strUS4) to UBound(strUS4)
strNM2 = strUS4(i)
Exit For
Next
 
'** Translate name into DN:'
Set objTrans = CreateObject("NameTranslate")
objTrans.Init ADS_NAME_INITTYPE_GC, ""
objTrans.Set ADS_NAME_TYPE_NT4, strNTName
strUserDN = objTrans.Get(ADS_NAME_TYPE_1779)
 
'** Do LDAP bind to object:'
Set objUser = GetObject("LDAP://" & strUserDN)
 
'** Get full name:'
strUS1 = Mid(strUserDN,4)
strUS2 = Split(strUS1, ",")
For i = LBound(strUS2) to UBound(strUS2)
strNM = strUS2(i)
Exit For
Next
 
'** If no error, enable or disable user:'
If Err = 0 Then
Const ADS_UF_ACCOUNTDISABLE = 2
intUAC = objUser.Get("userAccountControl")
objUser.Put "userAccountControl", intUAC XOR ADS_UF_ACCOUNTDISABLE
objUser.SetInfo
If intUAC AND ADS_UF_ACCOUNTDISABLE Then
POS = 1
Else
NEG = 1
End If
Else
objShell.Popup UCase(USR) & " was not found. Please try again.", _
5, "Unknown Username", 48
Wscript.Quit
End If
 
'** If no permission, give message:'
If Err = "-2147024891" Then
DENY = 1
objShell.Popup "You can not enable or disable this user.", _
5, "Permission Denied", 48
Wscript.Quit
End If
 
'** If no error, show result:'
If DENY <> 1 Then
If POS = 1 Then
MsgBox UCase(USR) & " were successfully enabled.", _
64, "User enabled by " & strNM2
End If
 
If NEG = 1 Then
MsgBox UCase(USR) & " were successfully disabled.", _
64, "User disabled by " & strNM2
End If
End If
 
End Sub
</SCRIPT>
</HEAD>
 
<body bgcolor="#003366">
<table border="1" id="table1" bgcolor="#EEEEEE" bordercolorlight="#C0C0C0" bordercolordark="#666699" bordercolor="#C0C0C0">
<tr>
<td width="266"><b><font face="Verdana" size="2" color="#800000">Change User Password</font></b></td>
<td align="center"><input type="button" value=" " name="bt1Go"></td>
</tr>
<tr>
<td width="266"><b><font face="Verdana" size="2" color="#800000">Enable or Disable User</font></b></td>
<td align="center"><input type="button" value=" " name="bt2Go"></td>
</tr>
</table>
</body>
</html> 

Open in new window

0
 
ista_naAuthor Commented:
I tried that, but it kept saying "user not found" no matter which user I tried any with any combination (user, domain\user, user@domain.com, etc).  Also I'm looking for a solution that would allow a user to authenticate themselves via a pre-answered secret question.
0
 
chandru_solCommented:
Are you trying with your admin account who has rights to change the password or unlock account?


"Authenticate users via a pre-asnwered secret question" -- I didn't understand this

regards
Chandru
0
 
ista_naAuthor Commented:
Ok it's like this.  You work for North Central Positronics.  Your network admin tells you to sign up for th password unlock page and you do so.  Then a week later you forget your Windows password.  Then you can get on another computer, go to http://passreset.northcentralpositronics.com, and enter your username and it'll ask you your secret question:  "What is your dog's maiden name?"

Then you say to yourself, who *did* my  dog marry, and what *was* her maiden name?

Once you remember you answer and if correct, you are presented with 2 options:  Unlock your account, or reset your password.
0
 
chandru_solCommented:
I think that cannot be done.

User will not have the rights to write password or unlock attributes.

You can try this HTA which works

regards
Chandru
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<meta name="description" content="Created by David Larsen and Mike Gormley">
<meta name="description" content="Version Number: Beta2">
<meta name="description" content="Last Update: 11/28/06">
<title>ADUC User Grab</title>
<script language="vbscript">
 
'This Sub controls various settings when the HTA is launched.
Sub window_OnLoad()
'On Error Resume Next
	'Set window size
	self.ResizeTo 675,525
	BaseUserInfo.innerhtml = "<center><br>User account information will display in this area once searched<br></center>"
End Sub
 
'This Sub contains the code behind the userid search button
Sub useridsearch
 
'Define Constant and declare variables
Const ADS_UF_ACCOUNTDISABLE = &H02
Const ADS_UF_PASSWD_CANT_CHANGE = &H40
Const ADS_UF_LOCKOUT = &H10
Const ADS_UF_DONT_EXPIRE_PASSWD = &H10000
Const SEC_IN_DAY = 86400
acctdisable = "Enabled"
acctlocked = "Not Locked"
strPasswordSet = ""
 
' Use ADO to search Active Directory.
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOOBject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection
 
' Determine the DNS domain from the RootDSE object.
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("DefaultNamingContext")
strFilter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=" & struserid.value & "))"
strQuery = "<LDAP://" & strDNSDomain & ">;" & strFilter _
  & ";sAMAccountName, distinguishedName, UserAccountControl, CN, l, mail, Department, telephoneNumber, Title, employeeid;subtree"
 
objCommand.CommandText = strQuery
objCommand.Properties("Page Size") = 750
objCommand.Properties("Timeout") = 60
objCommand.Properties("Cache Results") = False
 
' Enumerate all users. Check if accounts disabled.
Set objRecordset = objCommand.execute
x = 0
Do Until objRecordset.EOF
	'if user is found, set strusrpath to full DN name
	intFlag = objRecordSet.Fields("userAccountControl")
	lngFlag = objRecordSet.Fields("userAccountControl")
	strusrpath = objrecordset.fields("distinguishedName")
	Txt_userdn = strusrpath
	Txt_userid = objRecordSet.Fields("SamAccountName")
	Txt_userempid = objRecordSet.fields("employeeid")
	Txt_usercn = objRecordSet.fields("cn")
	Txt_userAC = objRecordSet.fields("UserAccountControl")
	Txt_userDept = objRecordSet.fields("Department")
	Txt_userTitle = objRecordSet.fields("Title")
	Txt_userCity = objRecordSet.fields("l")
	Txt_userEMail = objRecordSet.fields("mail")
	Txt_userPhone = objRecordSet.fields("telephoneNumber")
	strPasswordset = "<hr><font color=""#fcff00""><b>Reset User Password:</b></font> <input type=""password"" name=""password""> <input id=passreset  class=""button"" type=""button"" value=""Change Password"" name=""changepass""  onClick=""ChangePassword"">"
 
	If (intFlag And ADS_UF_ACCOUNTDISABLE) <> 0 Then
		acctdisable = "Disabled"
	End If
	Set objUser = GetObject("LDAP://" & strusrpath & "")
	intUAC = objUser.Get("UserAccountControl")
 
	If objUser.IsAccountLocked = True Then
		strPasswordset = strPasswordset & " <input id=unlock class=""button"" type=""button"" value=""Unlock Account"" name=""accunlock"" onclick=""UnlockAccount"">"
		acctlocked = "Locked"
	End If
 
	If intFlag And ADS_UF_DONT_EXPIRE_PASSWD Then
		Txt_pwdexpire = "The password <font color=""#fcff00""><b>does not</b></font> expire<br><center></center>"
	Else
		dtmValue = objUser.PasswordLastChanged 
		intTimeInterval = int(Now - dtmValue)
		'modify domain name in next line
		Set objDomainNT = GetObject("WinNT://domain")
		ntMaxPwdAge = objDomainNT.Get("MaxPasswordAge")
		intMaxPwdAge = (ntMaxPwdAge/SEC_IN_DAY)
		If intTimeInterval >= intMaxPwdAge Then
      		Txt_pwdexpire = "Password <font color=""#fcff00""><b>has</b></font> expired<br><center></center>"
    	Else
      		Txt_pwdexpire = "Password will expire in <font color=""#fcff00""><b>" & int((dtmValue + intMaxPwdAge) - now) & "</b></font> days<br><center></center>"
    	End If
   	End If
   	strBaseUserInfo = "<table border=1 cellspacing=""0"" width=""100%"">" & _
   		"<tr><td bgcolor=""#5a2378""><b>User ID</b></td><td bgcolor=""#5a2378""><b>Full Name</b></td><td bgcolor=""#5a2378""><b>Badge ID</b></td></tr>" & _
   		"<tr><td>" & Txt_userid & "</td><td>" & Txt_usercn & "</td><td>" & Txt_userempid & "</td></tr></table>"
   
   	strAddUserInfo = "<table border=1 cellspacing=""0"" width=""100%"">" & _
   		"<tr><td bgcolor=""#5a2378""><b><center>Additional Information</center></b></td></tr>" & _
   		"<tr><td><i>Title:&nbsp;&nbsp;&nbsp;&nbsp;</i>" & Txt_userTitle & _ 
   			"<br><i>Department:&nbsp;&nbsp;&nbsp;&nbsp;</i>" & Txt_userDept & _
   			"<br><i>City:&nbsp;&nbsp;&nbsp;&nbsp;</i>" & Txt_userCity & _
   			"<br><i>Telephone:&nbsp;&nbsp;&nbsp;&nbsp;</i>" & Txt_userPhone  & _
   			"<br><i>E-Mail:&nbsp;&nbsp;&nbsp;&nbsp;</i>"& Txt_userEMail & _
   			"</td></tr></table>"
   
   	strAccUserStatus = "<table border=1 cellspacing=""0"" width=""100%"">" & _
   		"<tr><td bgcolor=""#5a2378""><b><center>Account Status</center></b></td></tr>" & _
   		"<tr><td><i>This account is:&nbsp;</i><font color=""#fcff00""><b>" & acctdisable & "</b></font>" & _
   			"<br><i>This account is:&nbsp;</i><font color=""#fcff00""><b>" & acctlocked & "</b></font>" & _
   			"<br><i>" & Txt_pwdexpire & "</i>" & _
   			"</td></tr></table>" 
   	x=x+1
	objRecordset.MoveNext
Loop
If x = 0 Then
    strBaseUserInfo = "<br><center><font size=5>The requested username<br><marquee SCROLLAMOUNT=""15""><font size=7 color=""#fcff00""><img src=""error.gif"" align=""middle"">" & struserid.value &"<img src=""error.gif"" align=""middle""></font></marquee><br>is not found in Active Directory</font></center>"
Else
 
End If
BaseUserInfo.innerhtml = strBaseUserInfo
AddUserInfo.innerhtml = strAddUserInfo
AccUserStatus.innerhtml = strAccUserStatus
AdditionalOptions.innerhtml = strpasswordset
End Sub
 
Sub LastSearch
AddUserInfo.innerhtml = ""
AccUserStatus.innerhtml = ""
AdditionalOptions.innerhtml = ""
acctdisable = "Enabled"
acctlocked = "Not Locked"
' Use ADO to search Active Directory.
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOOBject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection
 
' Determine the DNS domain from the RootDSE object.
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("DefaultNamingContext")
strFilter = "(&(objectCategory=person)(objectClass=user)(sn=" & struserid.value & "))"
strQuery = "<LDAP://" & strDNSDomain & ">;" & strFilter _
  & ";sAMAccountName,distinguishedname,userAccountControl,cn"
 
objCommand.CommandText = strQuery
objCommand.Properties("Page Size") = 750
objCommand.Properties("Timeout") = 60
objCommand.Properties("Cache Results") = False
 
' Enumerate all users. Check if accounts disabled.
Set objRecordset = objCommand.execute
x = 0
strBaseUserInfo = "<table border=1 cellspacing=""0"" width=""100%"">" & _
 		"<tr><td bgcolor=""#5a2378""><b>Full Name</b></td><td bgcolor=""#5a2378""><b>User ID</b></td><td bgcolor=""#5a2378""><b>Search User</b></td></tr>"
 
Do Until objRecordset.EOF
	Txt_userid = objRecordSet.Fields("SamAccountName")
	Txt_fullname = objRecordset.Fields("cn")
	strBaseUserInfo = strBaseUserInfo & "<tr><td>" & Txt_fullname & "</td><td>" & Txt_userid & "</td><td> <input id=""changeid"" type=""button"" value=""Search UserID"" name=""useridmod""  onClick= ""GetUser('" & Txt_userid & "')""> </td></tr>"
	x=x+1
	objRecordset.MoveNext
Loop
If x = 0 Then
    strBaseUserinfo = "<br><center>The lastname " & struserid &" is not found in Active Directory.<br><img src=""lasterror.gif""></center>"
End If
strBaseUserInfo = strBaseUserInfo & "</table>"
BaseUserInfo.innerhtml = strBaseUserInfo
End Sub
 
Sub ChangePassword
'Connect to Active directory And check user to be cloned exists
'must enter strUserid = username
Set objConnection = CreateObject("ADODB.Connection")
objConnection.Open "Provider=ADsDSOObject;"
Set objCommand = CreateObject("ADODB.Command")
objCommand.ActiveConnection = objConnection
objcommand.commandtext = _
 "<LDAP://DC=ads,DC=trilegiant,DC=com>;" & _
  "(&(objectCategory=person)(objectClass=user)" & _
            "(sAMAccountName=" & struserid.value &"));" & _
                "sAMAccountName, distinguishedName;subtree"
Set objRecordSet = objCommand.Execute
If objRecordSet.RecordCount = 0 Then
    strHTML = "The username " & struserid.value &" is not found in Active Directory.  Press OK to exit"
    'WScript.quit
Else
    While Not objRecordset.EOF
    	userdn = objRecordSet.fields("distinguishedname")
		Set objUser = GetObject("LDAP://" & userdn & "")
		objUser.SetPassword password.value
		objUser.SetInfo
		On Error Resume Next
		If Err.Number <> 0 Then
			MsgBox(Err.Number & " " & Err.Description)
		Else
			MsgBox("Password Changed Successfully")
		End If        
        objRecordset.MoveNext
    Wend
End If
End Sub
 
Sub UnlockAccount
'Connect to Active directory And check user to be cloned exists
'must enter strUserid = username
Set objConnection = CreateObject("ADODB.Connection")
objConnection.Open "Provider=ADsDSOObject;"
Set objCommand = CreateObject("ADODB.Command")
objCommand.ActiveConnection = objConnection
objcommand.commandtext = _
 "<LDAP://DC=ads,DC=trilegiant,DC=com>;" & _
  "(&(objectCategory=person)(objectClass=user)" & _
            "(sAMAccountName=" & struserid.value &"));" & _
                "sAMAccountName, distinguishedName;subtree"
Set objRecordSet = objCommand.Execute
If objRecordSet.RecordCount = 0 Then
    strHTML = "The username " & struserid.value &" is not found in Active Directory.  Press OK to exit"
    'WScript.quit
Else
    While Not objRecordset.EOF
    	userdn = objRecordSet.fields("distinguishedname")
		Set objUser = GetObject("LDAP://" & userdn & "")
		objUser.IsAccountLocked = False
		objUser.SetInfo
		On Error Resume Next
		If Err.Number <> 0 Then
			MsgBox(Err.Number & " " & Err.Description)
		Else
			MsgBox("Account Unlocked")
		End If        
        objRecordset.MoveNext
    Wend
End If
End Sub
 
Function GetUser(strID)
Struserid.Value = strID
Call useridsearch
End Function
 
</script>
<hta:application
	applicationname="ADUCUserGrab"	
	border="thin"
	borderstyle="normal"
	caption="ADUC User Grab"
	contextmenu="yes"
	icon="aduc_sm.ico"
	maximizebutton="no"
	minimizebutton="yes"
	navigable="yes"
	scroll="yes"
	selection="yes"
	showintaskbar="yes"
	singleinstance="yes"
	sysmenu="yes"
	version="1.0"
	windowstate="normal"
>
</head>
<body topmargin="1" leftmargin="0" rightmargin="0" bottommargin="1" bgcolor="#074075" text="#FFFFFF">
<table border="0" width="640" cellspacing="0" cellpadding="0">
	<tr>
		<td align="center" valign="top" height="110" bgcolor="#074075">
			<i>Enter the <u>userid</u> or <u>last name</u> below and click appropriate search.</i><br>
			<input type="text" name="StrUserid" size="20">
			<input id=idsearchbutton  class="button" type="button" value="Search On UserID" name="userid"  onClick="useridsearch">
			<input id=lastsearchbutton  class="button" type="button" value="Search On Last Name" name="lastname"  onClick="LastSearch">
		</td>
	</tr>
	<tr>
		<td valign="top" height="300" bgcolor="#1d5087">
			<Div id="BaseUserInfo"></Div>
			<br>
			<table border="0" width="100%" cellspacing="1" cellpadding="0">
				<tr>
					<td width="60%" valign="top"><Div id="AddUserInfo"></Div></td>
					<td width="40%" valign="top"><Div id="AccUserStatus"></Div></td>
				</tr>
			</table>
		</td>
	</tr>
	<tr>
		<td valign="top" height="70" bgcolor="#074075">
			<div id="AdditionalOptions"></div>
		</td>
	</tr>
</table>
</body>
</html>

Open in new window

0
 
chandru_solCommented:
Change 182 and 87 line to suit your domain


regards
Chandru
0
 
chandru_solCommented:
Did you try this HTA which does the job?

regards
Chandru
0
 
neptuneitCommented:
Chandru,

I used your HTA and it works beautifully...for me. I suppose it works because when I run it from my PC it is using my account - a domain admin. I would like to give this HTA to our helpdesk staff however. Is there a way to add credentials so that they have the ability to reset passwords? If so, is there a way to do it without showing in clear text what those credentials are?

Thanks!
0
 
chandru_solCommented:
I think we can have alternate credentials for the HTA. I will work on this and post the code

regards
Chandru
0
 
chandru_solCommented:
Can i know why Grade B, as i was busy today i thought i will work on this in the night today?

regards
Chandru
0
 
First LastCommented:
For some reason when I run this script I can reset a account password, but I can't successfully unlock an account. I'm testing the script from 2003 box as the domain admin. Any ideas?
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now