How would I edit the following script to only allow password resets in their school's OU?

How would I edit the following hta file for domain user password resetting to only allow the person running the script to be able to reset passwords of users in the following ou:
LDAP://OU=NMC,OU=students,OU=PSSD users,dc=domainname,dc=mb,dc=ca
<html> 
<head>
<title>Simple Active Directory User Management</title>
<script>
window.resizeTo(500,360)
window.moveTo(330,220)
</script>
<HTA:APPLICATION
ApplicationName="UserAdm.hta"
singleInstance="yes"
icon="c:\windows\msagent\agentsvr.exe"
minimizebutton="no"
maximizebutton="no"
border="thick"
borderStyle="sunken"
sysMenu="yes"
scroll="no"
></HTA:APPLICATION>
</head>
 
<HEAD>
<SCRIPT language="vbscript">
Sub bt1Go_onclick()
 
'** Declarations:'
Dim OPR, DM, USR, strNTName, strUserDN, strNM, objUser, TNP, EROR, ABS, PWD
Dim objNetwork, objShell, objFSO
 
'** Objects:'
Set objNetwork = CreateObject("WScript.Network")
Set objShell = CreateObject("Wscript.Shell")
Set objFSO = CreateObject("Scripting.FileSystemObject")
 
'** User/Domain:'
OPR = objNetwork.UserName
DM = objNetwork.UserDomain & "\"
 
'** Type username for the user that needs password change:'
USR = InputBox("Student Username - Example 09jdoe:", "Create User Password", _
"Write Student Username Here")
PWD = InputBox("New Password:")
 
'** Prevent run-time errors:'
On Error Resume Next
 
'** NameTranslate constants:'
Const ADS_NAME_INITTYPE_GC = 3
Const ADS_NAME_TYPE_NT4 = 3
Const ADS_NAME_TYPE_1779 = 1
 
'** Combine the user name and domain name:'
strNTName = DM & USR
strNT2 = DM & OPR
 
'** Translate operator name into DN:'
Set objTrans2 = CreateObject("NameTranslate")
objTrans2.Init ADS_NAME_INITTYPE_GC, ""
objTrans2.Set ADS_NAME_TYPE_NT4, strNT2
strUserDN2 = objTrans2.Get(ADS_NAME_TYPE_1779)
Set objUser2 = GetObject("LDAP://" & strUserDN2)
strUS3 = Mid(strUserDN2,4)
strUS4 = Split(strUS3, ",")
For i = LBound(strUS4) to UBound(strUS4)
strNM2 = strUS4(i)
Exit For
Next
 
'** Translate username into DN:'
Set objTrans = CreateObject("NameTranslate")
objTrans.Init ADS_NAME_INITTYPE_GC, ""
objTrans.Set ADS_NAME_TYPE_NT4, strNTName
If Err <> 0 Then
ABS = 1
End If
 
'** Execute if object is found:'
If ABS <> 1 Then
strUserDN = objTrans.Get(ADS_NAME_TYPE_1779)
 
'** Do LDAP bind to object:'
Set objUser = GetObject("LDAP://" & strUserDN)
 
'** Get full name:'
strUS1 = Mid(strUserDN,4)
strUS2 = Split(strUS1, ",")
For i = LBound(strUS2) to UBound(strUS2)
strNM = strUS2(i)
Exit For
Next
 
'** Assign password and parameters:'
If strNM <> "" Then
TNP = PWD
objUser.SetPassword TNP
If Err <> 0 Then
EROR = 1
End If
'objUser.Put "pwdLastSet", 0
objUser.IsAccountLocked = False
objUser.SetInfo
End If
 
'** If no error, show new temporary password:'
If EROR <> 1 Then
MsgBox "New temporary password for " & UCase(USR) & " (" & strNM & "):" & _
vbCrLf & vbCrLf & TNP & vbCrLf, 64, "New Password, configured by " & strNM2
End If
 
End If
 
'** End if object not found:'
If ABS = 1 Then
MsgBox UCase(USR) & " was not found. Please try again.", _
48, "Unknown Username"
End If
 
'** If no permission, give message:'
If EROR = 1 Then
MsgBox "You can not change password for this user.", _
48, "Permission Denied"
Wscript.Quit
End If
 
End Sub
</SCRIPT>
</HEAD>
 
<HEAD>
<SCRIPT language="vbscript">
Sub bt2Go_onclick()
 
'** Declarations:'
Dim OPR, DM, USR, strNTName, strUserDN, strNM, objUser, TNP, DENY, POS, NEG
Dim objNetwork, objShell
 
'** Objects:'
Set objNetwork = CreateObject("WScript.Network")
Set objShell = CreateObject("Wscript.Shell")
 
'** User/Domain:'
OPR = objNetwork.UserName
DM = objNetwork.UserDomain & "\"
 
'** Write username for the user that needs to be enabled or disabled:'
USR = InputBox("Username:", "Enable or Disable Active Directory User", _
"Write Username Here")
 
'** Prevent run-time errors:'
On Error Resume Next
 
'** Declare NameTranslate constants:'
Const ADS_NAME_INITTYPE_GC = 3
Const ADS_NAME_TYPE_NT4 = 3
Const ADS_NAME_TYPE_1779 = 1
 
'** Combine the user name and domain name:'
strNTName = DM & USR
strNT2 = DM & OPR
 
'** Translate operator name into DN:'
Set objTrans2 = CreateObject("NameTranslate")
objTrans2.Init ADS_NAME_INITTYPE_GC, ""
objTrans2.Set ADS_NAME_TYPE_NT4, strNT2
strUserDN2 = objTrans2.Get(ADS_NAME_TYPE_1779)
Set objUser2 = GetObject("LDAP://" & strUserDN2)
strUS3 = Mid(strUserDN2,4)
strUS4 = Split(strUS3, ",")
For i = LBound(strUS4) to UBound(strUS4)
strNM2 = strUS4(i)
Exit For
Next
 
'** Translate name into DN:'
Set objTrans = CreateObject("NameTranslate")
objTrans.Init ADS_NAME_INITTYPE_GC, ""
objTrans.Set ADS_NAME_TYPE_NT4, strNTName
strUserDN = objTrans.Get(ADS_NAME_TYPE_1779)
 
'** Do LDAP bind to object:'
Set objUser = GetObject("LDAP://" & strUserDN)
 
'** Get full name:'
strUS1 = Mid(strUserDN,4)
strUS2 = Split(strUS1, ",")
For i = LBound(strUS2) to UBound(strUS2)
strNM = strUS2(i)
Exit For
Next
 
'** If no error, enable or disable user:'
If Err = 0 Then
Const ADS_UF_ACCOUNTDISABLE = 2
intUAC = objUser.Get("userAccountControl")
objUser.Put "userAccountControl", intUAC XOR ADS_UF_ACCOUNTDISABLE
objUser.SetInfo
If intUAC AND ADS_UF_ACCOUNTDISABLE Then
POS = 1
Else
NEG = 1
End If
Else
objShell.Popup UCase(USR) & " was not found. Please try again.", _
5, "Unknown Username", 48
Wscript.Quit
End If
 
'** If no permission, give message:'
If Err = "-2147024891" Then
DENY = 1
objShell.Popup "You can not enable or disable this user.", _
5, "Permission Denied", 48
Wscript.Quit
End If
 
'** If no error, show result:'
If DENY <> 1 Then
If POS = 1 Then
MsgBox UCase(USR) & " were successfully enabled.", _
64, "User enabled by " & strNM2
End If
 
If NEG = 1 Then
MsgBox UCase(USR) & " were successfully disabled.", _
64, "User disabled by " & strNM2
End If
End If
 
End Sub
</SCRIPT>
</HEAD>
 
<body bgcolor="#003366">
<div align="center">
  <p>&nbsp;</p>
  <h2 align="right"><img src="../logo.jpg" width="111" height="82" hspace="165" border="3" align="left" bordercolor="#666699" bgcolor="#FFFFFF"></h2>
  <h2 align="right">&nbsp;</h2>
  <h2 align="right">&nbsp;</h2>
  <div align="left">
    <p><font color="#CCCC00" size="+2" face="Verdana, Arial, Helvetica, sans-serif">NMC Student Password Management</font>
</p>
    </div>
  <table width="450" border="6" align="left" bordercolor="#FFFF00" bordercolorlight="#C0C0C0" bordercolordark="#666699" bgcolor="#FFFFFF" id="table1">
    <tr>
      <td width="330"><b><font face="Verdana" size="2" color="#000033">Change User Password</font></b></td>
      <td width="109" align="center"><div align="center">
        <input type="button" value=" " name="bt1Go">
      </div></td>
    </tr>
    <tr>
      <td width="357"><b><font face="Verdana" size="2" color="#000033">Enable or Disable User</font></b></td>
      <td width="109" align="center"><div align="center">
        <input type="button" value=" " name="bt2Go">
      </div></td>
    </tr>
  </table>
  <div align="left"> </div>
  <p>&nbsp;</p>
  <p>&nbsp;</p>
</div>
</body>
</html>

Open in new window

2xc3y2Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

RobSampsonCommented:
Hi, before you bind to the user object, check the OU of the strUserDN:

' Start from the OU part of strUserDN, so you miss the CN part
If Mid(LCase(strUserDN), "OU=") = LCase("OU=NMC,OU=students,OU=PSSD users,dc=domainname,dc=mb,dc=ca") Then
   ' do everything
Else
   MsgBox "User is not in the correct OU"
   Window.Close
End If


Regards,

Rob.
0
2xc3y2Author Commented:
Hi Rob
I think I must be blond.  I tried it before the line '** Do LDAP bind to object:'
Set objUser = GetObject("LDAP://" & strUserDN)  like below:  

If Mid(LCase(strUserDN), "OU=") = LCase("OU=NMC,OU=students,OU=PSSD users,dc=domainname,dc=mb,dc=ca") Then
'** Do LDAP bind to object:'
Set objUser = GetObject("LDAP://" & strUserDN)
   
Else
   MsgBox "User is not in the correct OU"
   Window.Close
End If


but it tells me I don't have access to change the password now, it must be erroring elsewhere.   Can I ask you if the above is correct or if I have it in the wrong spot?
Thanks in advance
Sandi
0
RobSampsonCommented:
Hmmm, I had the line wrong there.
This:
If Mid(LCase(strUserDN), "OU=") = LCase("OU=NMC,OU=students,OU=PSSD users,dc=domainname,dc=mb,dc=ca") Then

should have been this:
If Mid(LCase(strUserDN), InStr(LCase(strUserDN), "ou=")) = LCase("OU=NMC,OU=students,OU=PSSD users,dc=domainname,dc=mb,dc=ca") Then

Anyway, try this:

<html>
<head>
<title>Simple Active Directory User Management</title>
<script>
window.resizeTo(500,360)
window.moveTo(330,220)
</script>
<HTA:APPLICATION
ApplicationName="UserAdm.hta"
singleInstance="yes"
icon="c:\windows\msagent\agentsvr.exe"
minimizebutton="no"
maximizebutton="no"
border="thick"
borderStyle="sunken"
sysMenu="yes"
scroll="no"
></HTA:APPLICATION>
</head>
 
<HEAD>
<SCRIPT language="vbscript">
Sub bt1Go_onclick()
 
'** Declarations:'
Dim OPR, DM, USR, strNTName, strUserDN, strNM, objUser, TNP, EROR, ABS, PWD
Dim objNetwork, objShell, objFSO
 
'** Objects:'
Set objNetwork = CreateObject("WScript.Network")
Set objShell = CreateObject("Wscript.Shell")
Set objFSO = CreateObject("Scripting.FileSystemObject")
 
'** User/Domain:'
OPR = objNetwork.UserName
DM = objNetwork.UserDomain & "\"
 
'** Type username for the user that needs password change:'
USR = InputBox("Student Username - Example 09jdoe:", "Create User Password", _
"Write Student Username Here")
PWD = InputBox("New Password:")
 
'** Prevent run-time errors:'
'On Error Resume Next
 
'** NameTranslate constants:'
Const ADS_NAME_INITTYPE_GC = 3
Const ADS_NAME_TYPE_NT4 = 3
Const ADS_NAME_TYPE_1779 = 1
 
'** Combine the user name and domain name:'
strNTName = DM & USR
strNT2 = DM & OPR
 
'** Translate operator name into DN:'
Set objTrans2 = CreateObject("NameTranslate")
objTrans2.Init ADS_NAME_INITTYPE_GC, ""
objTrans2.Set ADS_NAME_TYPE_NT4, strNT2
strUserDN2 = objTrans2.Get(ADS_NAME_TYPE_1779)
Set objUser2 = GetObject("LDAP://" & strUserDN2)
strUS3 = Mid(strUserDN2,4)
strUS4 = Split(strUS3, ",")
For i = LBound(strUS4) to UBound(strUS4)
strNM2 = strUS4(i)
Exit For
Next
 
'** Translate username into DN:'
Set objTrans = CreateObject("NameTranslate")
objTrans.Init ADS_NAME_INITTYPE_GC, ""
objTrans.Set ADS_NAME_TYPE_NT4, strNTName
If Err <> 0 Then
ABS = 1
End If
 
'** Execute if object is found:'
If ABS <> 1 Then
      strUserDN = objTrans.Get(ADS_NAME_TYPE_1779)
      ' Start from the OU part of strUserDN, so you miss the CN part
      If Mid(LCase(strUserDN), InStr(LCase(strUserDN), "ou=")) = LCase("OU=NMC,OU=students,OU=PSSD users,dc=domainname,dc=mb,dc=ca") Then
         ' do everything
            '** Do LDAP bind to object:'
            Set objUser = GetObject("LDAP://" & strUserDN)
            
            '** Get full name:'
            strUS1 = Mid(strUserDN,4)
            strUS2 = Split(strUS1, ",")
            For i = LBound(strUS2) to UBound(strUS2)
                  strNM = strUS2(i)
                  Exit For
            Next
             
            '** Assign password and parameters:'
            If strNM <> "" Then
                  TNP = PWD
                  objUser.SetPassword TNP
                  If Err <> 0 Then
                        EROR = 1
                  End If
                  'objUser.Put "pwdLastSet", 0
                  objUser.IsAccountLocked = False
                  objUser.SetInfo
            End If
             
            '** If no error, show new temporary password:'
            If EROR <> 1 Then
                  MsgBox "New temporary password for " & UCase(USR) & " (" & strNM & "):" & _
                  vbCrLf & vbCrLf & TNP & vbCrLf, 64, "New Password, configured by " & strNM2
            Else
                  MsgBox "Error setting password for " & UCase(USR) & " (" & strNM & "):" & _
                  vbCrLf & vbCrLf & TNP & vbCrLf, 64, "New Password, configured by " & strNM2
            End If
             
            '** End if object not found:'
            If ABS = 1 Then
                  MsgBox UCase(USR) & " was not found. Please try again.", _
                  48, "Unknown Username"
            End If
      Else
            '** If the OU does not match, give message:'
            MsgBox "You can not change password for this user.", _
            48, "Permission Denied"
            'window.Close
      End If
Else
      '** End if object not found:'
      If ABS = 1 Then
            MsgBox UCase(USR) & " was not found. Please try again.", _
            48, "Unknown Username"
      End If
End If
 
End Sub
</SCRIPT>
</HEAD>
 
<HEAD>
<SCRIPT language="vbscript">
Sub bt2Go_onclick()
 
'** Declarations:'
Dim OPR, DM, USR, strNTName, strUserDN, strNM, objUser, TNP, DENY, POS, NEG
Dim objNetwork, objShell
 
'** Objects:'
Set objNetwork = CreateObject("WScript.Network")
Set objShell = CreateObject("Wscript.Shell")
 
'** User/Domain:'
OPR = objNetwork.UserName
DM = objNetwork.UserDomain & "\"
 
'** Write username for the user that needs to be enabled or disabled:'
USR = InputBox("Username:", "Enable or Disable Active Directory User", _
"Write Username Here")
 
'** Prevent run-time errors:'
On Error Resume Next
 
'** Declare NameTranslate constants:'
Const ADS_NAME_INITTYPE_GC = 3
Const ADS_NAME_TYPE_NT4 = 3
Const ADS_NAME_TYPE_1779 = 1
 
'** Combine the user name and domain name:'
strNTName = DM & USR
strNT2 = DM & OPR
 
'** Translate operator name into DN:'
Set objTrans2 = CreateObject("NameTranslate")
objTrans2.Init ADS_NAME_INITTYPE_GC, ""
objTrans2.Set ADS_NAME_TYPE_NT4, strNT2
strUserDN2 = objTrans2.Get(ADS_NAME_TYPE_1779)
Set objUser2 = GetObject("LDAP://" & strUserDN2)
strUS3 = Mid(strUserDN2,4)
strUS4 = Split(strUS3, ",")
For i = LBound(strUS4) to UBound(strUS4)
strNM2 = strUS4(i)
Exit For
Next
 
'** Translate name into DN:'
Set objTrans = CreateObject("NameTranslate")
objTrans.Init ADS_NAME_INITTYPE_GC, ""
objTrans.Set ADS_NAME_TYPE_NT4, strNTName
strUserDN = objTrans.Get(ADS_NAME_TYPE_1779)
 
'** Do LDAP bind to object:'
Set objUser = GetObject("LDAP://" & strUserDN)
 
'** Get full name:'
strUS1 = Mid(strUserDN,4)
strUS2 = Split(strUS1, ",")
For i = LBound(strUS2) to UBound(strUS2)
strNM = strUS2(i)
Exit For
Next
 
'** If no error, enable or disable user:'
If Err = 0 Then
Const ADS_UF_ACCOUNTDISABLE = 2
intUAC = objUser.Get("userAccountControl")
objUser.Put "userAccountControl", intUAC XOR ADS_UF_ACCOUNTDISABLE
objUser.SetInfo
If intUAC AND ADS_UF_ACCOUNTDISABLE Then
POS = 1
Else
NEG = 1
End If
Else
objShell.Popup UCase(USR) & " was not found. Please try again.", _
5, "Unknown Username", 48
Wscript.Quit
End If
 
'** If no permission, give message:'
If Err = "-2147024891" Then
DENY = 1
objShell.Popup "You can not enable or disable this user.", _
5, "Permission Denied", 48
Wscript.Quit
End If
 
'** If no error, show result:'
If DENY <> 1 Then
If POS = 1 Then
MsgBox UCase(USR) & " were successfully enabled.", _
64, "User enabled by " & strNM2
End If
 
If NEG = 1 Then
MsgBox UCase(USR) & " were successfully disabled.", _
64, "User disabled by " & strNM2
End If
End If
 
End Sub
</SCRIPT>
</HEAD>
 
<body bgcolor="#003366">
<div align="center">
  <p>&nbsp;</p>
  <h2 align="right"><img src="../logo.jpg" width="111" height="82" hspace="165" border="3" align="left" bordercolor="#666699" bgcolor="#FFFFFF"></h2>
  <h2 align="right">&nbsp;</h2>
  <h2 align="right">&nbsp;</h2>
  <div align="left">
    <p><font color="#CCCC00" size="+2" face="Verdana, Arial, Helvetica, sans-serif">NMC Student Password Management</font>
</p>
    </div>
  <table width="450" border="6" align="left" bordercolor="#FFFF00" bordercolorlight="#C0C0C0" bordercolordark="#666699" bgcolor="#FFFFFF" id="table1">
    <tr>
      <td width="330"><b><font face="Verdana" size="2" color="#000033">Change User Password</font></b></td>
      <td width="109" align="center"><div align="center">
        <input type="button" value=" " name="bt1Go">
      </div></td>
    </tr>
    <tr>
      <td width="357"><b><font face="Verdana" size="2" color="#000033">Enable or Disable User</font></b></td>
      <td width="109" align="center"><div align="center">
        <input type="button" value=" " name="bt2Go">
      </div></td>
    </tr>
  </table>
  <div align="left"> </div>
  <p>&nbsp;</p>
  <p>&nbsp;</p>
</div>
</body>
</html>


Regards,

Rob.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
2xc3y2Author Commented:
I finally had a chance to try this out.  Thank you so much, it works great.
0
RobSampsonCommented:
No problem.  Thanks for the grade.

Regards,

Rob.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Server OS

From novice to tech pro — start learning today.