Solved

Password unlock/reset solution?

Posted on 2007-11-23
14
2,300 Views
Last Modified: 2013-11-25
I'm a network admin of and Active Directory environment w/ over 150 users We get a lot of tickets for account unlocks. I've seen tons of commercial products (small list below) but quite frankly the pay per user pricing model is absurd.

There are a couple of tutorials out there on how to design your own but I'm no coder.

We have a 15 minutes timeout but that's a lot of lost production time.  And I have 150, but we have another office of 80, and another of 300.  And even though we might only get 1 or 2 tickets a day, that adds up.

As to how they would get to such a page if they're locked out?  1) they could use a neighbor's computer or 2) I could potentially setup a little kiosk workstation for the sole purpose of account unlocks.

Not a comprehensive list by a longshot, but here is just a sampling of the tools I've found that do the job, all of which want to be paid far more than I think is appropriate. After all, I think a good coder could do this in a single day, just setup an ASP page that allows a user to enter an email address, answer a secret question, and if the user provides the correct answer is allowed to unlock or change their password. Just write the data to a little Access database! Oh well...

-NewWrix's Password Manager
-TheDotNetFactory's EmpowerID
-Self Service Admin
-ManageEngine
- ADSelfService Plus
-NetIQ's Secure Password Admin
-Avatier's Password Management
-ADVToolware's SSRPM
-Tools4Ever's Self Service Reset Password Management
0
Comment
Question by:ista_na
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
14 Comments
 
LVL 11

Expert Comment

by:bsharath
ID: 20341832
TO make a short note on what i have understood...
Are you looking for a script to reset the password.Thats a free of cost solution.
0
 
LVL 38

Expert Comment

by:ChiefIT
ID: 20342152
If you are a domain admin, there are a few things I would recommend for your application.

If computer users are locked out and can log on to another computer using the same credentials for a domain logon, that sounds like cached credentials. As a domain administrator, I would select a GPO to disable saved passwords on the machine. That will probably cut your lockouts to less than half.

I believe you can also reduce the lockout period by using a GPO.

After that, it depends on what you want to do with resetting passwords. Resetting passwords in active directory shouldn't take very long at all. I am not certain what you want to do to reset passwords. Do you want to reset the Active Directory credential password or the local password?
0
 

Author Comment

by:ista_na
ID: 20342577
bsharath: yes either a free or inexpensive way to implement password changes and unlocks from a web interface.  Some of the solutions I've found would cost upwards of $8,000 which I find ridiculous.

ChiefIT:  I don't like the idea of disabling cached passwords.  What about laptops?  And I don't see how that would cut lockouts down, either.  If a user forgets his/her password it has little to do with whether or not it's cached.  The lockout period is determined by management so my hands are tied there.  And yes I know it doesn't take long to reset an Active Directory password, but I still can't find an affordable way to do so from  a web interface.
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 12

Expert Comment

by:chandru_sol
ID: 20342765
Try this...........

Save this file as UserAdm.hta

regards
Chandru
<html> 
<head>
<title>Simple Active Directory User Management</title>
<script>
window.resizeTo(347,130)
window.moveTo(330,220)
</script>
<HTA:APPLICATION
ApplicationName="UserAdm.hta"
singleInstance="yes"
icon="c:\windows\msagent\agentsvr.exe"
minimizebutton="no"
maximizebutton="no"
border="thick"
borderStyle="sunken"
sysMenu="yes"
scroll="no"
></HTA:APPLICATION>
</head>
 
<HEAD>
<SCRIPT language="vbscript">
Sub bt1Go_onclick()
 
'** Declarations:'
Dim OPR, DM, USR, strNTName, strUserDN, strNM, objUser, TNP, EROR, ABS
Dim objNetwork, objShell, objFSO
 
'** Objects:'
Set objNetwork = CreateObject("WScript.Network")
Set objShell = CreateObject("Wscript.Shell")
Set objFSO = CreateObject("Scripting.FileSystemObject")
 
'** User/Domain:'
OPR = objNetwork.UserName
DM = objNetwork.UserDomain & "\"
 
'** Type username for the user that needs password change:'
USR = InputBox("Username:", "Create Temporary Active Directory User Password", _
"Write Username Here")
 
'** Prevent run-time errors:'
On Error Resume Next
 
'** NameTranslate constants:'
Const ADS_NAME_INITTYPE_GC = 3
Const ADS_NAME_TYPE_NT4 = 3
Const ADS_NAME_TYPE_1779 = 1
 
'** Combine the user name and domain name:'
strNTName = DM & USR
strNT2 = DM & OPR
 
'** Translate operator name into DN:'
Set objTrans2 = CreateObject("NameTranslate")
objTrans2.Init ADS_NAME_INITTYPE_GC, ""
objTrans2.Set ADS_NAME_TYPE_NT4, strNT2
strUserDN2 = objTrans2.Get(ADS_NAME_TYPE_1779)
Set objUser2 = GetObject("LDAP://" & strUserDN2)
strUS3 = Mid(strUserDN2,4)
strUS4 = Split(strUS3, ",")
For i = LBound(strUS4) to UBound(strUS4)
strNM2 = strUS4(i)
Exit For
Next
 
'** Translate username into DN:'
Set objTrans = CreateObject("NameTranslate")
objTrans.Init ADS_NAME_INITTYPE_GC, ""
objTrans.Set ADS_NAME_TYPE_NT4, strNTName
If Err <> 0 Then
ABS = 1
End If
 
'** Execute if object is found:'
If ABS <> 1 Then
strUserDN = objTrans.Get(ADS_NAME_TYPE_1779)
 
'** Do LDAP bind to object:'
Set objUser = GetObject("LDAP://" & strUserDN)
 
'** Get full name:'
strUS1 = Mid(strUserDN,4)
strUS2 = Split(strUS1, ",")
For i = LBound(strUS2) to UBound(strUS2)
strNM = strUS2(i)
Exit For
Next
 
'** Assign password and parameters:'
If strNM <> "" Then
TNP = "changeme" & Mid(objFSO.GetTempName,4,4)
objUser.SetPassword TNP
If Err <> 0 Then
EROR = 1
End If
objUser.Put "pwdLastSet", 0
objUser.IsAccountLocked = False
objUser.SetInfo
End If
 
'** If no error, show new temporary password:'
If EROR <> 1 Then
MsgBox "New temporary password for " & UCase(USR) & " (" & strNM & "):" & _
vbCrLf & vbCrLf & TNP & vbCrLf, 64, "New Password, configured by " & strNM2
End If
 
End If
 
'** End if object not found:'
If ABS = 1 Then
MsgBox UCase(USR) & " was not found. Please try again.", _
48, "Unknown Username"
End If
 
'** If no permission, give message:'
If EROR = 1 Then
MsgBox "You can not change password for this user.", _
48, "Permission Denied"
Wscript.Quit
End If
 
End Sub
</SCRIPT>
</HEAD>
 
<HEAD>
<SCRIPT language="vbscript">
Sub bt2Go_onclick()
 
'** Declarations:'
Dim OPR, DM, USR, strNTName, strUserDN, strNM, objUser, TNP, DENY, POS, NEG
Dim objNetwork, objShell
 
'** Objects:'
Set objNetwork = CreateObject("WScript.Network")
Set objShell = CreateObject("Wscript.Shell")
 
'** User/Domain:'
OPR = objNetwork.UserName
DM = objNetwork.UserDomain & "\"
 
'** Write username for the user that needs to be enabled or disabled:'
USR = InputBox("Username:", "Enable or Disable Active Directory User", _
"Write Username Here")
 
'** Prevent run-time errors:'
On Error Resume Next
 
'** Declare NameTranslate constants:'
Const ADS_NAME_INITTYPE_GC = 3
Const ADS_NAME_TYPE_NT4 = 3
Const ADS_NAME_TYPE_1779 = 1
 
'** Combine the user name and domain name:'
strNTName = DM & USR
strNT2 = DM & OPR
 
'** Translate operator name into DN:'
Set objTrans2 = CreateObject("NameTranslate")
objTrans2.Init ADS_NAME_INITTYPE_GC, ""
objTrans2.Set ADS_NAME_TYPE_NT4, strNT2
strUserDN2 = objTrans2.Get(ADS_NAME_TYPE_1779)
Set objUser2 = GetObject("LDAP://" & strUserDN2)
strUS3 = Mid(strUserDN2,4)
strUS4 = Split(strUS3, ",")
For i = LBound(strUS4) to UBound(strUS4)
strNM2 = strUS4(i)
Exit For
Next
 
'** Translate name into DN:'
Set objTrans = CreateObject("NameTranslate")
objTrans.Init ADS_NAME_INITTYPE_GC, ""
objTrans.Set ADS_NAME_TYPE_NT4, strNTName
strUserDN = objTrans.Get(ADS_NAME_TYPE_1779)
 
'** Do LDAP bind to object:'
Set objUser = GetObject("LDAP://" & strUserDN)
 
'** Get full name:'
strUS1 = Mid(strUserDN,4)
strUS2 = Split(strUS1, ",")
For i = LBound(strUS2) to UBound(strUS2)
strNM = strUS2(i)
Exit For
Next
 
'** If no error, enable or disable user:'
If Err = 0 Then
Const ADS_UF_ACCOUNTDISABLE = 2
intUAC = objUser.Get("userAccountControl")
objUser.Put "userAccountControl", intUAC XOR ADS_UF_ACCOUNTDISABLE
objUser.SetInfo
If intUAC AND ADS_UF_ACCOUNTDISABLE Then
POS = 1
Else
NEG = 1
End If
Else
objShell.Popup UCase(USR) & " was not found. Please try again.", _
5, "Unknown Username", 48
Wscript.Quit
End If
 
'** If no permission, give message:'
If Err = "-2147024891" Then
DENY = 1
objShell.Popup "You can not enable or disable this user.", _
5, "Permission Denied", 48
Wscript.Quit
End If
 
'** If no error, show result:'
If DENY <> 1 Then
If POS = 1 Then
MsgBox UCase(USR) & " were successfully enabled.", _
64, "User enabled by " & strNM2
End If
 
If NEG = 1 Then
MsgBox UCase(USR) & " were successfully disabled.", _
64, "User disabled by " & strNM2
End If
End If
 
End Sub
</SCRIPT>
</HEAD>
 
<body bgcolor="#003366">
<table border="1" id="table1" bgcolor="#EEEEEE" bordercolorlight="#C0C0C0" bordercolordark="#666699" bordercolor="#C0C0C0">
<tr>
<td width="266"><b><font face="Verdana" size="2" color="#800000">Change User Password</font></b></td>
<td align="center"><input type="button" value=" " name="bt1Go"></td>
</tr>
<tr>
<td width="266"><b><font face="Verdana" size="2" color="#800000">Enable or Disable User</font></b></td>
<td align="center"><input type="button" value=" " name="bt2Go"></td>
</tr>
</table>
</body>
</html> 

Open in new window

0
 

Author Comment

by:ista_na
ID: 20342922
I tried that, but it kept saying "user not found" no matter which user I tried any with any combination (user, domain\user, user@domain.com, etc).  Also I'm looking for a solution that would allow a user to authenticate themselves via a pre-answered secret question.
0
 
LVL 12

Expert Comment

by:chandru_sol
ID: 20342929
Are you trying with your admin account who has rights to change the password or unlock account?


"Authenticate users via a pre-asnwered secret question" -- I didn't understand this

regards
Chandru
0
 

Author Comment

by:ista_na
ID: 20342987
Ok it's like this.  You work for North Central Positronics.  Your network admin tells you to sign up for th password unlock page and you do so.  Then a week later you forget your Windows password.  Then you can get on another computer, go to http://passreset.northcentralpositronics.com, and enter your username and it'll ask you your secret question:  "What is your dog's maiden name?"

Then you say to yourself, who *did* my  dog marry, and what *was* her maiden name?

Once you remember you answer and if correct, you are presented with 2 options:  Unlock your account, or reset your password.
0
 
LVL 12

Accepted Solution

by:
chandru_sol earned 500 total points
ID: 20342995
I think that cannot be done.

User will not have the rights to write password or unlock attributes.

You can try this HTA which works

regards
Chandru
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<meta name="description" content="Created by David Larsen and Mike Gormley">
<meta name="description" content="Version Number: Beta2">
<meta name="description" content="Last Update: 11/28/06">
<title>ADUC User Grab</title>
<script language="vbscript">
 
'This Sub controls various settings when the HTA is launched.
Sub window_OnLoad()
'On Error Resume Next
	'Set window size
	self.ResizeTo 675,525
	BaseUserInfo.innerhtml = "<center><br>User account information will display in this area once searched<br></center>"
End Sub
 
'This Sub contains the code behind the userid search button
Sub useridsearch
 
'Define Constant and declare variables
Const ADS_UF_ACCOUNTDISABLE = &H02
Const ADS_UF_PASSWD_CANT_CHANGE = &H40
Const ADS_UF_LOCKOUT = &H10
Const ADS_UF_DONT_EXPIRE_PASSWD = &H10000
Const SEC_IN_DAY = 86400
acctdisable = "Enabled"
acctlocked = "Not Locked"
strPasswordSet = ""
 
' Use ADO to search Active Directory.
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOOBject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection
 
' Determine the DNS domain from the RootDSE object.
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("DefaultNamingContext")
strFilter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=" & struserid.value & "))"
strQuery = "<LDAP://" & strDNSDomain & ">;" & strFilter _
  & ";sAMAccountName, distinguishedName, UserAccountControl, CN, l, mail, Department, telephoneNumber, Title, employeeid;subtree"
 
objCommand.CommandText = strQuery
objCommand.Properties("Page Size") = 750
objCommand.Properties("Timeout") = 60
objCommand.Properties("Cache Results") = False
 
' Enumerate all users. Check if accounts disabled.
Set objRecordset = objCommand.execute
x = 0
Do Until objRecordset.EOF
	'if user is found, set strusrpath to full DN name
	intFlag = objRecordSet.Fields("userAccountControl")
	lngFlag = objRecordSet.Fields("userAccountControl")
	strusrpath = objrecordset.fields("distinguishedName")
	Txt_userdn = strusrpath
	Txt_userid = objRecordSet.Fields("SamAccountName")
	Txt_userempid = objRecordSet.fields("employeeid")
	Txt_usercn = objRecordSet.fields("cn")
	Txt_userAC = objRecordSet.fields("UserAccountControl")
	Txt_userDept = objRecordSet.fields("Department")
	Txt_userTitle = objRecordSet.fields("Title")
	Txt_userCity = objRecordSet.fields("l")
	Txt_userEMail = objRecordSet.fields("mail")
	Txt_userPhone = objRecordSet.fields("telephoneNumber")
	strPasswordset = "<hr><font color=""#fcff00""><b>Reset User Password:</b></font> <input type=""password"" name=""password""> <input id=passreset  class=""button"" type=""button"" value=""Change Password"" name=""changepass""  onClick=""ChangePassword"">"
 
	If (intFlag And ADS_UF_ACCOUNTDISABLE) <> 0 Then
		acctdisable = "Disabled"
	End If
	Set objUser = GetObject("LDAP://" & strusrpath & "")
	intUAC = objUser.Get("UserAccountControl")
 
	If objUser.IsAccountLocked = True Then
		strPasswordset = strPasswordset & " <input id=unlock class=""button"" type=""button"" value=""Unlock Account"" name=""accunlock"" onclick=""UnlockAccount"">"
		acctlocked = "Locked"
	End If
 
	If intFlag And ADS_UF_DONT_EXPIRE_PASSWD Then
		Txt_pwdexpire = "The password <font color=""#fcff00""><b>does not</b></font> expire<br><center></center>"
	Else
		dtmValue = objUser.PasswordLastChanged 
		intTimeInterval = int(Now - dtmValue)
		'modify domain name in next line
		Set objDomainNT = GetObject("WinNT://domain")
		ntMaxPwdAge = objDomainNT.Get("MaxPasswordAge")
		intMaxPwdAge = (ntMaxPwdAge/SEC_IN_DAY)
		If intTimeInterval >= intMaxPwdAge Then
      		Txt_pwdexpire = "Password <font color=""#fcff00""><b>has</b></font> expired<br><center></center>"
    	Else
      		Txt_pwdexpire = "Password will expire in <font color=""#fcff00""><b>" & int((dtmValue + intMaxPwdAge) - now) & "</b></font> days<br><center></center>"
    	End If
   	End If
   	strBaseUserInfo = "<table border=1 cellspacing=""0"" width=""100%"">" & _
   		"<tr><td bgcolor=""#5a2378""><b>User ID</b></td><td bgcolor=""#5a2378""><b>Full Name</b></td><td bgcolor=""#5a2378""><b>Badge ID</b></td></tr>" & _
   		"<tr><td>" & Txt_userid & "</td><td>" & Txt_usercn & "</td><td>" & Txt_userempid & "</td></tr></table>"
   
   	strAddUserInfo = "<table border=1 cellspacing=""0"" width=""100%"">" & _
   		"<tr><td bgcolor=""#5a2378""><b><center>Additional Information</center></b></td></tr>" & _
   		"<tr><td><i>Title:&nbsp;&nbsp;&nbsp;&nbsp;</i>" & Txt_userTitle & _ 
   			"<br><i>Department:&nbsp;&nbsp;&nbsp;&nbsp;</i>" & Txt_userDept & _
   			"<br><i>City:&nbsp;&nbsp;&nbsp;&nbsp;</i>" & Txt_userCity & _
   			"<br><i>Telephone:&nbsp;&nbsp;&nbsp;&nbsp;</i>" & Txt_userPhone  & _
   			"<br><i>E-Mail:&nbsp;&nbsp;&nbsp;&nbsp;</i>"& Txt_userEMail & _
   			"</td></tr></table>"
   
   	strAccUserStatus = "<table border=1 cellspacing=""0"" width=""100%"">" & _
   		"<tr><td bgcolor=""#5a2378""><b><center>Account Status</center></b></td></tr>" & _
   		"<tr><td><i>This account is:&nbsp;</i><font color=""#fcff00""><b>" & acctdisable & "</b></font>" & _
   			"<br><i>This account is:&nbsp;</i><font color=""#fcff00""><b>" & acctlocked & "</b></font>" & _
   			"<br><i>" & Txt_pwdexpire & "</i>" & _
   			"</td></tr></table>" 
   	x=x+1
	objRecordset.MoveNext
Loop
If x = 0 Then
    strBaseUserInfo = "<br><center><font size=5>The requested username<br><marquee SCROLLAMOUNT=""15""><font size=7 color=""#fcff00""><img src=""error.gif"" align=""middle"">" & struserid.value &"<img src=""error.gif"" align=""middle""></font></marquee><br>is not found in Active Directory</font></center>"
Else
 
End If
BaseUserInfo.innerhtml = strBaseUserInfo
AddUserInfo.innerhtml = strAddUserInfo
AccUserStatus.innerhtml = strAccUserStatus
AdditionalOptions.innerhtml = strpasswordset
End Sub
 
Sub LastSearch
AddUserInfo.innerhtml = ""
AccUserStatus.innerhtml = ""
AdditionalOptions.innerhtml = ""
acctdisable = "Enabled"
acctlocked = "Not Locked"
' Use ADO to search Active Directory.
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOOBject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection
 
' Determine the DNS domain from the RootDSE object.
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("DefaultNamingContext")
strFilter = "(&(objectCategory=person)(objectClass=user)(sn=" & struserid.value & "))"
strQuery = "<LDAP://" & strDNSDomain & ">;" & strFilter _
  & ";sAMAccountName,distinguishedname,userAccountControl,cn"
 
objCommand.CommandText = strQuery
objCommand.Properties("Page Size") = 750
objCommand.Properties("Timeout") = 60
objCommand.Properties("Cache Results") = False
 
' Enumerate all users. Check if accounts disabled.
Set objRecordset = objCommand.execute
x = 0
strBaseUserInfo = "<table border=1 cellspacing=""0"" width=""100%"">" & _
 		"<tr><td bgcolor=""#5a2378""><b>Full Name</b></td><td bgcolor=""#5a2378""><b>User ID</b></td><td bgcolor=""#5a2378""><b>Search User</b></td></tr>"
 
Do Until objRecordset.EOF
	Txt_userid = objRecordSet.Fields("SamAccountName")
	Txt_fullname = objRecordset.Fields("cn")
	strBaseUserInfo = strBaseUserInfo & "<tr><td>" & Txt_fullname & "</td><td>" & Txt_userid & "</td><td> <input id=""changeid"" type=""button"" value=""Search UserID"" name=""useridmod""  onClick= ""GetUser('" & Txt_userid & "')""> </td></tr>"
	x=x+1
	objRecordset.MoveNext
Loop
If x = 0 Then
    strBaseUserinfo = "<br><center>The lastname " & struserid &" is not found in Active Directory.<br><img src=""lasterror.gif""></center>"
End If
strBaseUserInfo = strBaseUserInfo & "</table>"
BaseUserInfo.innerhtml = strBaseUserInfo
End Sub
 
Sub ChangePassword
'Connect to Active directory And check user to be cloned exists
'must enter strUserid = username
Set objConnection = CreateObject("ADODB.Connection")
objConnection.Open "Provider=ADsDSOObject;"
Set objCommand = CreateObject("ADODB.Command")
objCommand.ActiveConnection = objConnection
objcommand.commandtext = _
 "<LDAP://DC=ads,DC=trilegiant,DC=com>;" & _
  "(&(objectCategory=person)(objectClass=user)" & _
            "(sAMAccountName=" & struserid.value &"));" & _
                "sAMAccountName, distinguishedName;subtree"
Set objRecordSet = objCommand.Execute
If objRecordSet.RecordCount = 0 Then
    strHTML = "The username " & struserid.value &" is not found in Active Directory.  Press OK to exit"
    'WScript.quit
Else
    While Not objRecordset.EOF
    	userdn = objRecordSet.fields("distinguishedname")
		Set objUser = GetObject("LDAP://" & userdn & "")
		objUser.SetPassword password.value
		objUser.SetInfo
		On Error Resume Next
		If Err.Number <> 0 Then
			MsgBox(Err.Number & " " & Err.Description)
		Else
			MsgBox("Password Changed Successfully")
		End If        
        objRecordset.MoveNext
    Wend
End If
End Sub
 
Sub UnlockAccount
'Connect to Active directory And check user to be cloned exists
'must enter strUserid = username
Set objConnection = CreateObject("ADODB.Connection")
objConnection.Open "Provider=ADsDSOObject;"
Set objCommand = CreateObject("ADODB.Command")
objCommand.ActiveConnection = objConnection
objcommand.commandtext = _
 "<LDAP://DC=ads,DC=trilegiant,DC=com>;" & _
  "(&(objectCategory=person)(objectClass=user)" & _
            "(sAMAccountName=" & struserid.value &"));" & _
                "sAMAccountName, distinguishedName;subtree"
Set objRecordSet = objCommand.Execute
If objRecordSet.RecordCount = 0 Then
    strHTML = "The username " & struserid.value &" is not found in Active Directory.  Press OK to exit"
    'WScript.quit
Else
    While Not objRecordset.EOF
    	userdn = objRecordSet.fields("distinguishedname")
		Set objUser = GetObject("LDAP://" & userdn & "")
		objUser.IsAccountLocked = False
		objUser.SetInfo
		On Error Resume Next
		If Err.Number <> 0 Then
			MsgBox(Err.Number & " " & Err.Description)
		Else
			MsgBox("Account Unlocked")
		End If        
        objRecordset.MoveNext
    Wend
End If
End Sub
 
Function GetUser(strID)
Struserid.Value = strID
Call useridsearch
End Function
 
</script>
<hta:application
	applicationname="ADUCUserGrab"	
	border="thin"
	borderstyle="normal"
	caption="ADUC User Grab"
	contextmenu="yes"
	icon="aduc_sm.ico"
	maximizebutton="no"
	minimizebutton="yes"
	navigable="yes"
	scroll="yes"
	selection="yes"
	showintaskbar="yes"
	singleinstance="yes"
	sysmenu="yes"
	version="1.0"
	windowstate="normal"
>
</head>
<body topmargin="1" leftmargin="0" rightmargin="0" bottommargin="1" bgcolor="#074075" text="#FFFFFF">
<table border="0" width="640" cellspacing="0" cellpadding="0">
	<tr>
		<td align="center" valign="top" height="110" bgcolor="#074075">
			<i>Enter the <u>userid</u> or <u>last name</u> below and click appropriate search.</i><br>
			<input type="text" name="StrUserid" size="20">
			<input id=idsearchbutton  class="button" type="button" value="Search On UserID" name="userid"  onClick="useridsearch">
			<input id=lastsearchbutton  class="button" type="button" value="Search On Last Name" name="lastname"  onClick="LastSearch">
		</td>
	</tr>
	<tr>
		<td valign="top" height="300" bgcolor="#1d5087">
			<Div id="BaseUserInfo"></Div>
			<br>
			<table border="0" width="100%" cellspacing="1" cellpadding="0">
				<tr>
					<td width="60%" valign="top"><Div id="AddUserInfo"></Div></td>
					<td width="40%" valign="top"><Div id="AccUserStatus"></Div></td>
				</tr>
			</table>
		</td>
	</tr>
	<tr>
		<td valign="top" height="70" bgcolor="#074075">
			<div id="AdditionalOptions"></div>
		</td>
	</tr>
</table>
</body>
</html>

Open in new window

0
 
LVL 12

Expert Comment

by:chandru_sol
ID: 20342998
Change 182 and 87 line to suit your domain


regards
Chandru
0
 
LVL 12

Expert Comment

by:chandru_sol
ID: 20390402
Did you try this HTA which does the job?

regards
Chandru
0
 
LVL 1

Expert Comment

by:neptuneit
ID: 20473056
Chandru,

I used your HTA and it works beautifully...for me. I suppose it works because when I run it from my PC it is using my account - a domain admin. I would like to give this HTA to our helpdesk staff however. Is there a way to add credentials so that they have the ability to reset passwords? If so, is there a way to do it without showing in clear text what those credentials are?

Thanks!
0
 
LVL 12

Expert Comment

by:chandru_sol
ID: 20473159
I think we can have alternate credentials for the HTA. I will work on this and post the code

regards
Chandru
0
 
LVL 12

Expert Comment

by:chandru_sol
ID: 20485712
Can i know why Grade B, as i was busy today i thought i will work on this in the night today?

regards
Chandru
0
 
LVL 1

Expert Comment

by:First Last
ID: 30723335
For some reason when I run this script I can reset a account password, but I can't successfully unlock an account. I'm testing the script from 2003 box as the domain admin. Any ideas?
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Learn about cloud computing and its benefits for small business owners.
When you’re making plans to join the modern business race, you should analyze various details that may affect your results. Nowadays, millions of businesses are trying to grow into established and appreciated professional enterprises.

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question