How would I edit the following script to only allow password resets in their school's OU?

How would I edit the following hta file for domain user password resetting to only allow the person running the script to be able to reset passwords of users in the following ou:
LDAP://OU=NMC,OU=students,OU=PSSD users,dc=domainname,dc=mb,dc=ca
<html> 
<head>
<title>Simple Active Directory User Management</title>
<script>
window.resizeTo(500,360)
window.moveTo(330,220)
</script>
<HTA:APPLICATION
ApplicationName="UserAdm.hta"
singleInstance="yes"
icon="c:\windows\msagent\agentsvr.exe"
minimizebutton="no"
maximizebutton="no"
border="thick"
borderStyle="sunken"
sysMenu="yes"
scroll="no"
></HTA:APPLICATION>
</head>
 
<HEAD>
<SCRIPT language="vbscript">
Sub bt1Go_onclick()
 
'** Declarations:'
Dim OPR, DM, USR, strNTName, strUserDN, strNM, objUser, TNP, EROR, ABS, PWD
Dim objNetwork, objShell, objFSO
 
'** Objects:'
Set objNetwork = CreateObject("WScript.Network")
Set objShell = CreateObject("Wscript.Shell")
Set objFSO = CreateObject("Scripting.FileSystemObject")
 
'** User/Domain:'
OPR = objNetwork.UserName
DM = objNetwork.UserDomain & "\"
 
'** Type username for the user that needs password change:'
USR = InputBox("Student Username - Example 09jdoe:", "Create User Password", _
"Write Student Username Here")
PWD = InputBox("New Password:")
 
'** Prevent run-time errors:'
On Error Resume Next
 
'** NameTranslate constants:'
Const ADS_NAME_INITTYPE_GC = 3
Const ADS_NAME_TYPE_NT4 = 3
Const ADS_NAME_TYPE_1779 = 1
 
'** Combine the user name and domain name:'
strNTName = DM & USR
strNT2 = DM & OPR
 
'** Translate operator name into DN:'
Set objTrans2 = CreateObject("NameTranslate")
objTrans2.Init ADS_NAME_INITTYPE_GC, ""
objTrans2.Set ADS_NAME_TYPE_NT4, strNT2
strUserDN2 = objTrans2.Get(ADS_NAME_TYPE_1779)
Set objUser2 = GetObject("LDAP://" & strUserDN2)
strUS3 = Mid(strUserDN2,4)
strUS4 = Split(strUS3, ",")
For i = LBound(strUS4) to UBound(strUS4)
strNM2 = strUS4(i)
Exit For
Next
 
'** Translate username into DN:'
Set objTrans = CreateObject("NameTranslate")
objTrans.Init ADS_NAME_INITTYPE_GC, ""
objTrans.Set ADS_NAME_TYPE_NT4, strNTName
If Err <> 0 Then
ABS = 1
End If
 
'** Execute if object is found:'
If ABS <> 1 Then
strUserDN = objTrans.Get(ADS_NAME_TYPE_1779)
 
'** Do LDAP bind to object:'
Set objUser = GetObject("LDAP://" & strUserDN)
 
'** Get full name:'
strUS1 = Mid(strUserDN,4)
strUS2 = Split(strUS1, ",")
For i = LBound(strUS2) to UBound(strUS2)
strNM = strUS2(i)
Exit For
Next
 
'** Assign password and parameters:'
If strNM <> "" Then
TNP = PWD
objUser.SetPassword TNP
If Err <> 0 Then
EROR = 1
End If
'objUser.Put "pwdLastSet", 0
objUser.IsAccountLocked = False
objUser.SetInfo
End If
 
'** If no error, show new temporary password:'
If EROR <> 1 Then
MsgBox "New temporary password for " & UCase(USR) & " (" & strNM & "):" & _
vbCrLf & vbCrLf & TNP & vbCrLf, 64, "New Password, configured by " & strNM2
End If
 
End If
 
'** End if object not found:'
If ABS = 1 Then
MsgBox UCase(USR) & " was not found. Please try again.", _
48, "Unknown Username"
End If
 
'** If no permission, give message:'
If EROR = 1 Then
MsgBox "You can not change password for this user.", _
48, "Permission Denied"
Wscript.Quit
End If
 
End Sub
</SCRIPT>
</HEAD>
 
<HEAD>
<SCRIPT language="vbscript">
Sub bt2Go_onclick()
 
'** Declarations:'
Dim OPR, DM, USR, strNTName, strUserDN, strNM, objUser, TNP, DENY, POS, NEG
Dim objNetwork, objShell
 
'** Objects:'
Set objNetwork = CreateObject("WScript.Network")
Set objShell = CreateObject("Wscript.Shell")
 
'** User/Domain:'
OPR = objNetwork.UserName
DM = objNetwork.UserDomain & "\"
 
'** Write username for the user that needs to be enabled or disabled:'
USR = InputBox("Username:", "Enable or Disable Active Directory User", _
"Write Username Here")
 
'** Prevent run-time errors:'
On Error Resume Next
 
'** Declare NameTranslate constants:'
Const ADS_NAME_INITTYPE_GC = 3
Const ADS_NAME_TYPE_NT4 = 3
Const ADS_NAME_TYPE_1779 = 1
 
'** Combine the user name and domain name:'
strNTName = DM & USR
strNT2 = DM & OPR
 
'** Translate operator name into DN:'
Set objTrans2 = CreateObject("NameTranslate")
objTrans2.Init ADS_NAME_INITTYPE_GC, ""
objTrans2.Set ADS_NAME_TYPE_NT4, strNT2
strUserDN2 = objTrans2.Get(ADS_NAME_TYPE_1779)
Set objUser2 = GetObject("LDAP://" & strUserDN2)
strUS3 = Mid(strUserDN2,4)
strUS4 = Split(strUS3, ",")
For i = LBound(strUS4) to UBound(strUS4)
strNM2 = strUS4(i)
Exit For
Next
 
'** Translate name into DN:'
Set objTrans = CreateObject("NameTranslate")
objTrans.Init ADS_NAME_INITTYPE_GC, ""
objTrans.Set ADS_NAME_TYPE_NT4, strNTName
strUserDN = objTrans.Get(ADS_NAME_TYPE_1779)
 
'** Do LDAP bind to object:'
Set objUser = GetObject("LDAP://" & strUserDN)
 
'** Get full name:'
strUS1 = Mid(strUserDN,4)
strUS2 = Split(strUS1, ",")
For i = LBound(strUS2) to UBound(strUS2)
strNM = strUS2(i)
Exit For
Next
 
'** If no error, enable or disable user:'
If Err = 0 Then
Const ADS_UF_ACCOUNTDISABLE = 2
intUAC = objUser.Get("userAccountControl")
objUser.Put "userAccountControl", intUAC XOR ADS_UF_ACCOUNTDISABLE
objUser.SetInfo
If intUAC AND ADS_UF_ACCOUNTDISABLE Then
POS = 1
Else
NEG = 1
End If
Else
objShell.Popup UCase(USR) & " was not found. Please try again.", _
5, "Unknown Username", 48
Wscript.Quit
End If
 
'** If no permission, give message:'
If Err = "-2147024891" Then
DENY = 1
objShell.Popup "You can not enable or disable this user.", _
5, "Permission Denied", 48
Wscript.Quit
End If
 
'** If no error, show result:'
If DENY <> 1 Then
If POS = 1 Then
MsgBox UCase(USR) & " were successfully enabled.", _
64, "User enabled by " & strNM2
End If
 
If NEG = 1 Then
MsgBox UCase(USR) & " were successfully disabled.", _
64, "User disabled by " & strNM2
End If
End If
 
End Sub
</SCRIPT>
</HEAD>
 
<body bgcolor="#003366">
<div align="center">
  <p>&nbsp;</p>
  <h2 align="right"><img src="../logo.jpg" width="111" height="82" hspace="165" border="3" align="left" bordercolor="#666699" bgcolor="#FFFFFF"></h2>
  <h2 align="right">&nbsp;</h2>
  <h2 align="right">&nbsp;</h2>
  <div align="left">
    <p><font color="#CCCC00" size="+2" face="Verdana, Arial, Helvetica, sans-serif">NMC Student Password Management</font>
</p>
    </div>
  <table width="450" border="6" align="left" bordercolor="#FFFF00" bordercolorlight="#C0C0C0" bordercolordark="#666699" bgcolor="#FFFFFF" id="table1">
    <tr>
      <td width="330"><b><font face="Verdana" size="2" color="#000033">Change User Password</font></b></td>
      <td width="109" align="center"><div align="center">
        <input type="button" value=" " name="bt1Go">
      </div></td>
    </tr>
    <tr>
      <td width="357"><b><font face="Verdana" size="2" color="#000033">Enable or Disable User</font></b></td>
      <td width="109" align="center"><div align="center">
        <input type="button" value=" " name="bt2Go">
      </div></td>
    </tr>
  </table>
  <div align="left"> </div>
  <p>&nbsp;</p>
  <p>&nbsp;</p>
</div>
</body>
</html>

Open in new window

2xc3y2Asked:
Who is Participating?
 
RobSampsonConnect With a Mentor Commented:
Hmmm, I had the line wrong there.
This:
If Mid(LCase(strUserDN), "OU=") = LCase("OU=NMC,OU=students,OU=PSSD users,dc=domainname,dc=mb,dc=ca") Then

should have been this:
If Mid(LCase(strUserDN), InStr(LCase(strUserDN), "ou=")) = LCase("OU=NMC,OU=students,OU=PSSD users,dc=domainname,dc=mb,dc=ca") Then

Anyway, try this:

<html>
<head>
<title>Simple Active Directory User Management</title>
<script>
window.resizeTo(500,360)
window.moveTo(330,220)
</script>
<HTA:APPLICATION
ApplicationName="UserAdm.hta"
singleInstance="yes"
icon="c:\windows\msagent\agentsvr.exe"
minimizebutton="no"
maximizebutton="no"
border="thick"
borderStyle="sunken"
sysMenu="yes"
scroll="no"
></HTA:APPLICATION>
</head>
 
<HEAD>
<SCRIPT language="vbscript">
Sub bt1Go_onclick()
 
'** Declarations:'
Dim OPR, DM, USR, strNTName, strUserDN, strNM, objUser, TNP, EROR, ABS, PWD
Dim objNetwork, objShell, objFSO
 
'** Objects:'
Set objNetwork = CreateObject("WScript.Network")
Set objShell = CreateObject("Wscript.Shell")
Set objFSO = CreateObject("Scripting.FileSystemObject")
 
'** User/Domain:'
OPR = objNetwork.UserName
DM = objNetwork.UserDomain & "\"
 
'** Type username for the user that needs password change:'
USR = InputBox("Student Username - Example 09jdoe:", "Create User Password", _
"Write Student Username Here")
PWD = InputBox("New Password:")
 
'** Prevent run-time errors:'
'On Error Resume Next
 
'** NameTranslate constants:'
Const ADS_NAME_INITTYPE_GC = 3
Const ADS_NAME_TYPE_NT4 = 3
Const ADS_NAME_TYPE_1779 = 1
 
'** Combine the user name and domain name:'
strNTName = DM & USR
strNT2 = DM & OPR
 
'** Translate operator name into DN:'
Set objTrans2 = CreateObject("NameTranslate")
objTrans2.Init ADS_NAME_INITTYPE_GC, ""
objTrans2.Set ADS_NAME_TYPE_NT4, strNT2
strUserDN2 = objTrans2.Get(ADS_NAME_TYPE_1779)
Set objUser2 = GetObject("LDAP://" & strUserDN2)
strUS3 = Mid(strUserDN2,4)
strUS4 = Split(strUS3, ",")
For i = LBound(strUS4) to UBound(strUS4)
strNM2 = strUS4(i)
Exit For
Next
 
'** Translate username into DN:'
Set objTrans = CreateObject("NameTranslate")
objTrans.Init ADS_NAME_INITTYPE_GC, ""
objTrans.Set ADS_NAME_TYPE_NT4, strNTName
If Err <> 0 Then
ABS = 1
End If
 
'** Execute if object is found:'
If ABS <> 1 Then
      strUserDN = objTrans.Get(ADS_NAME_TYPE_1779)
      ' Start from the OU part of strUserDN, so you miss the CN part
      If Mid(LCase(strUserDN), InStr(LCase(strUserDN), "ou=")) = LCase("OU=NMC,OU=students,OU=PSSD users,dc=domainname,dc=mb,dc=ca") Then
         ' do everything
            '** Do LDAP bind to object:'
            Set objUser = GetObject("LDAP://" & strUserDN)
            
            '** Get full name:'
            strUS1 = Mid(strUserDN,4)
            strUS2 = Split(strUS1, ",")
            For i = LBound(strUS2) to UBound(strUS2)
                  strNM = strUS2(i)
                  Exit For
            Next
             
            '** Assign password and parameters:'
            If strNM <> "" Then
                  TNP = PWD
                  objUser.SetPassword TNP
                  If Err <> 0 Then
                        EROR = 1
                  End If
                  'objUser.Put "pwdLastSet", 0
                  objUser.IsAccountLocked = False
                  objUser.SetInfo
            End If
             
            '** If no error, show new temporary password:'
            If EROR <> 1 Then
                  MsgBox "New temporary password for " & UCase(USR) & " (" & strNM & "):" & _
                  vbCrLf & vbCrLf & TNP & vbCrLf, 64, "New Password, configured by " & strNM2
            Else
                  MsgBox "Error setting password for " & UCase(USR) & " (" & strNM & "):" & _
                  vbCrLf & vbCrLf & TNP & vbCrLf, 64, "New Password, configured by " & strNM2
            End If
             
            '** End if object not found:'
            If ABS = 1 Then
                  MsgBox UCase(USR) & " was not found. Please try again.", _
                  48, "Unknown Username"
            End If
      Else
            '** If the OU does not match, give message:'
            MsgBox "You can not change password for this user.", _
            48, "Permission Denied"
            'window.Close
      End If
Else
      '** End if object not found:'
      If ABS = 1 Then
            MsgBox UCase(USR) & " was not found. Please try again.", _
            48, "Unknown Username"
      End If
End If
 
End Sub
</SCRIPT>
</HEAD>
 
<HEAD>
<SCRIPT language="vbscript">
Sub bt2Go_onclick()
 
'** Declarations:'
Dim OPR, DM, USR, strNTName, strUserDN, strNM, objUser, TNP, DENY, POS, NEG
Dim objNetwork, objShell
 
'** Objects:'
Set objNetwork = CreateObject("WScript.Network")
Set objShell = CreateObject("Wscript.Shell")
 
'** User/Domain:'
OPR = objNetwork.UserName
DM = objNetwork.UserDomain & "\"
 
'** Write username for the user that needs to be enabled or disabled:'
USR = InputBox("Username:", "Enable or Disable Active Directory User", _
"Write Username Here")
 
'** Prevent run-time errors:'
On Error Resume Next
 
'** Declare NameTranslate constants:'
Const ADS_NAME_INITTYPE_GC = 3
Const ADS_NAME_TYPE_NT4 = 3
Const ADS_NAME_TYPE_1779 = 1
 
'** Combine the user name and domain name:'
strNTName = DM & USR
strNT2 = DM & OPR
 
'** Translate operator name into DN:'
Set objTrans2 = CreateObject("NameTranslate")
objTrans2.Init ADS_NAME_INITTYPE_GC, ""
objTrans2.Set ADS_NAME_TYPE_NT4, strNT2
strUserDN2 = objTrans2.Get(ADS_NAME_TYPE_1779)
Set objUser2 = GetObject("LDAP://" & strUserDN2)
strUS3 = Mid(strUserDN2,4)
strUS4 = Split(strUS3, ",")
For i = LBound(strUS4) to UBound(strUS4)
strNM2 = strUS4(i)
Exit For
Next
 
'** Translate name into DN:'
Set objTrans = CreateObject("NameTranslate")
objTrans.Init ADS_NAME_INITTYPE_GC, ""
objTrans.Set ADS_NAME_TYPE_NT4, strNTName
strUserDN = objTrans.Get(ADS_NAME_TYPE_1779)
 
'** Do LDAP bind to object:'
Set objUser = GetObject("LDAP://" & strUserDN)
 
'** Get full name:'
strUS1 = Mid(strUserDN,4)
strUS2 = Split(strUS1, ",")
For i = LBound(strUS2) to UBound(strUS2)
strNM = strUS2(i)
Exit For
Next
 
'** If no error, enable or disable user:'
If Err = 0 Then
Const ADS_UF_ACCOUNTDISABLE = 2
intUAC = objUser.Get("userAccountControl")
objUser.Put "userAccountControl", intUAC XOR ADS_UF_ACCOUNTDISABLE
objUser.SetInfo
If intUAC AND ADS_UF_ACCOUNTDISABLE Then
POS = 1
Else
NEG = 1
End If
Else
objShell.Popup UCase(USR) & " was not found. Please try again.", _
5, "Unknown Username", 48
Wscript.Quit
End If
 
'** If no permission, give message:'
If Err = "-2147024891" Then
DENY = 1
objShell.Popup "You can not enable or disable this user.", _
5, "Permission Denied", 48
Wscript.Quit
End If
 
'** If no error, show result:'
If DENY <> 1 Then
If POS = 1 Then
MsgBox UCase(USR) & " were successfully enabled.", _
64, "User enabled by " & strNM2
End If
 
If NEG = 1 Then
MsgBox UCase(USR) & " were successfully disabled.", _
64, "User disabled by " & strNM2
End If
End If
 
End Sub
</SCRIPT>
</HEAD>
 
<body bgcolor="#003366">
<div align="center">
  <p>&nbsp;</p>
  <h2 align="right"><img src="../logo.jpg" width="111" height="82" hspace="165" border="3" align="left" bordercolor="#666699" bgcolor="#FFFFFF"></h2>
  <h2 align="right">&nbsp;</h2>
  <h2 align="right">&nbsp;</h2>
  <div align="left">
    <p><font color="#CCCC00" size="+2" face="Verdana, Arial, Helvetica, sans-serif">NMC Student Password Management</font>
</p>
    </div>
  <table width="450" border="6" align="left" bordercolor="#FFFF00" bordercolorlight="#C0C0C0" bordercolordark="#666699" bgcolor="#FFFFFF" id="table1">
    <tr>
      <td width="330"><b><font face="Verdana" size="2" color="#000033">Change User Password</font></b></td>
      <td width="109" align="center"><div align="center">
        <input type="button" value=" " name="bt1Go">
      </div></td>
    </tr>
    <tr>
      <td width="357"><b><font face="Verdana" size="2" color="#000033">Enable or Disable User</font></b></td>
      <td width="109" align="center"><div align="center">
        <input type="button" value=" " name="bt2Go">
      </div></td>
    </tr>
  </table>
  <div align="left"> </div>
  <p>&nbsp;</p>
  <p>&nbsp;</p>
</div>
</body>
</html>


Regards,

Rob.
0
 
RobSampsonCommented:
Hi, before you bind to the user object, check the OU of the strUserDN:

' Start from the OU part of strUserDN, so you miss the CN part
If Mid(LCase(strUserDN), "OU=") = LCase("OU=NMC,OU=students,OU=PSSD users,dc=domainname,dc=mb,dc=ca") Then
   ' do everything
Else
   MsgBox "User is not in the correct OU"
   Window.Close
End If


Regards,

Rob.
0
 
2xc3y2Author Commented:
Hi Rob
I think I must be blond.  I tried it before the line '** Do LDAP bind to object:'
Set objUser = GetObject("LDAP://" & strUserDN)  like below:  

If Mid(LCase(strUserDN), "OU=") = LCase("OU=NMC,OU=students,OU=PSSD users,dc=domainname,dc=mb,dc=ca") Then
'** Do LDAP bind to object:'
Set objUser = GetObject("LDAP://" & strUserDN)
   
Else
   MsgBox "User is not in the correct OU"
   Window.Close
End If


but it tells me I don't have access to change the password now, it must be erroring elsewhere.   Can I ask you if the above is correct or if I have it in the wrong spot?
Thanks in advance
Sandi
0
 
2xc3y2Author Commented:
I finally had a chance to try this out.  Thank you so much, it works great.
0
 
RobSampsonCommented:
No problem.  Thanks for the grade.

Regards,

Rob.
0
All Courses

From novice to tech pro — start learning today.