Solved

Bulk Reset AD passwords to unique passwords

Posted on 2009-07-01
Last Modified: 2012-05-07
Hello,

I've been searching EE & Google for a script that would allow me to reset AD passwords to unique passwords and not something generic for all users. In other words, here's what I'm trying to accomplish:

Name            DOB (password)
Joe Smith --> 09171965
Mary Sue --> 12251971

I've come across VBscripts that prompt the administrator for the user to have his/her password reset, and while this would work for one user, it wouldn't work for many users as I'm trying to automate the process. I will be creating a large number of users and here's my idea:

1. Use a script to create and enable the user accounts with a generic password (got this step)
2. Place all users created in step #1 into a specific OU (got this step)
3. Create a file (.csv, .txt, etc.) with user names (or sAMaccount, DN, etc.) and passwords.
4. Run a script against the OU in step #2 and have the script read the file in step #3 so that it can reset the passwords accordingly.

Any guidance on how to accomplish the above will be much appreciated. Thanks.
0
Question by:bndit
9 Comments
 
LVL 35

Accepted Solution

by:
Joseph Daly earned 2000 total points
ID: 24757193
Well you could do something like this.

This will need a file with the username!password on each line. I used the exclamation point as a delimiter.


for /F "delims=! tokens=1,2" %%h IN (file.txt) Do dsquery user -samid "%%h" | dsmod user -pwd "%%i"


0
 
LVL 35

Assisted Solution

by:Joseph Daly
Joseph Daly earned 2000 total points
ID: 24757238
Sorry that might be a little bit brief so a little explanation.

Save that command to a file and rename it to a bat file. Basically, once you create your OU and populate your users into it, you would need to make a plain text file with their username (samid) and the desired password. It has to be in the format of

user1!pass1
user2!pass2
user3!pass3

Make sure there isn't a trailing carriage return in the file. Save the file as file.txt as that is referenced in the command and then execute the bat file. Once the file is executed it will loop through the file.txt and perform a lookup of the username and then modify it with the password you provided.

Hope this explains a little better.
0
 
LVL 2

Author Comment

by:bndit
ID: 24757376
Thanks, that does explain it better. Just for my own knowledge...what scripting language is this? and is there a link that you can refer me to so that I can understand the various arguments you're using. I like to understand as much as possible things that I run  :). I'll be testing this on my test environment and I'll get back to you on the outcome.

thanks,
0
 
LVL 35

Assisted Solution

by:Joseph Daly
Joseph Daly earned 2000 total points
ID: 24757483
The file I am using is just batch scripting using the DS series of commands. It's really only 2 commands: the DOS FOR command
http://www.geocities.com/rick_lively/MANUALS/COMMANDS/F/FOR_F.HTM

and the commands using DSquery and DSmod
http://www.geocities.com/rick_lively/MANUALS/COMMANDS/D/DSQUERY.HTM
http://www.geocities.com/rick_lively/MANUALS/COMMANDS/D/DSMOD.HTM

A quick run through of the commands

For /f - Loop through each line in a file
delims=! - what character to look for to separate the tokens
tokens 1,2 - how many items are expected
%%h - the variable name to start with in this case %%h and %%i. Determined by the tokens 1,2 line. If it were tokens 1,2,3,4 you would have %%H %%I %%J %%K and so on.
IN (file.txt) - Where to look for the data to loop through

Do {command} - what will actually be done with the data. In this case dsquery user -samid "%%h" | dsmod user -pwd "%%i"




0
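The file format and loop described in the answers above, handled in PowerShell as an added example (not code from the thread; it uses the ActiveDirectory module's cmdlets in place of dsquery/dsmod). It splits each line on the first "!" only, flags malformed and duplicate lines before any change is made, and resets only accounts inside the OU the users were placed in. The function names, the OU path and the sample accounts are assumptions.

```powershell
# Added example, not from the thread. Read-ResetList, Reset-FromList, the OU and
# the sample accounts are assumptions; resets need the ActiveDirectory module.
function Read-ResetList {
    param([string[]]$Lines)
    $seen = @{}; $n = 0
    foreach ($line in $Lines) {
        $n++
        if ([string]::IsNullOrWhiteSpace($line)) { continue }  # FOR /F skips blank lines too
        # Split on the first "!" only; "tokens=1,2" would cut the password at a second "!".
        $parts = $line -split '!', 2
        $user  = $parts[0].Trim()
        $pass  = if ($parts.Count -eq 2) { $parts[1] } else { '' }
        $status = 'OK'
        if (-not $user -or -not $pass)    { $status = 'Malformed: expected user!pass' }
        elseif ($seen.ContainsKey($user)) { $status = 'Duplicate user' }
        elseif ($pass.Contains('!'))      { $status = 'OK (batch loop would truncate this password)' }
        if ($user) { $seen[$user] = $true }
        [pscustomobject]@{ Line = $n; SamAccountName = $user; Password = $pass; Status = $status }
    }
}

function Reset-FromList {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(ValueFromPipeline)]$Entry, [Parameter(Mandatory)][string]$SearchBase)
    process {
        if ($Entry.Status -notlike 'OK*') {
            Write-Warning "Line $($Entry.Line) skipped: $($Entry.Status)"; return
        }
        try   { $u = Get-ADUser -Identity $Entry.SamAccountName -ErrorAction Stop }
        catch { Write-Warning "Line $($Entry.Line): account not found"; return }
        # Only touch accounts inside the OU the new users were placed in.
        if (-not $u.DistinguishedName.EndsWith(",$SearchBase", [System.StringComparison]::OrdinalIgnoreCase)) {
            Write-Warning "Line $($Entry.Line): $($u.SamAccountName) is outside $SearchBase"; return
        }
        if ($PSCmdlet.ShouldProcess($u.DistinguishedName, 'Reset password')) {
            $secure = ConvertTo-SecureString $Entry.Password -AsPlainText -Force
            Set-ADAccountPassword -Identity $u -Reset -NewPassword $secure
        }
    }
}

# Constructed sample lines; with a real list use: Read-ResetList (Get-Content .\file.txt)
$sample  = 'jsmith!09171965', 'msue!Dec!1971', '', 'nopassword', 'jsmith!11111111'
$entries = Read-ResetList -Lines $sample
$entries | Format-Table Line, SamAccountName, Status
# Preview on a domain-joined host before committing:
# $entries | Reset-FromList -SearchBase 'OU=NewUsers,DC=example,DC=com' -WhatIf
```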
 
LVL 3

Expert Comment

by:bdibene
ID: 24758157
You mentioned that you know how to have a VBScript prompt the Admin to change the User password.
Do you need to set the passwords to something you know, or would it be OK to just prompt all the Users and force them to change their own passwords?  This can be done with Group Policy (Computer Config-->Windows Settings-->Security Settings-->Account Policies-->Password Policy).
0
 
LVL 2

Author Comment

by:bndit
ID: 24758444
I want to change the passwords to something known but unique to each user such as their employee #. I'm trying to stay away from turning the "change password at next logon" flag - this might be against best practice when creating a new user account, but it's necessary in my circumstances. The password policy applied at the domain level will take care of forcing them to reset the password at a later time.
0
 
LVL 5

Expert Comment

by:artoaperjan
ID: 24768101
hi
this is a good request i can use this too. if u want i can script for u a VBScript which will do all the 4 steps you have above but we would need to agree on how r u going to supply the user details.
if you can put all in a txt all above steps can be done automatically.

Art
0
 
LVL 2

Author Comment

by:bndit
ID: 24768245
Hi Art - thanks for offering to script this out. I'm providing you with a small text file that contains about five users...this should be enough to get the script working. Take a look at the txt file and let me know if it works. The only column that you won't find in it will be the password as I don't believe that can be imported into AD but rather you'll take care of it with the script. Let me know. Thanks again.
User-bulk-create2.txt
0
 
LVL 2

Author Closing Comment

by:bndit
ID: 31598906
thanks
0
