Bulk Reset AD passwords to unique passwords

Hello,

I've been searching EE & google for a script that would allow me to reset AD passwords to unique passwords and not something generic for all users. In other words, here's what I'm trying to accomplish:

Name            DOB (password)
Joe Smith --> 09171965
Mary Sue --> 12251971

I've come across VBscripts that prompt the administrator for the user to have his/her password reset, and while this would work for one user, it wouldn't work for many users as I'm trying to automate the process. I will be creating a large number of users and here's my idea:

1. Use a script to create and enable the user accounts with a generic password (got this step)
2. Place all users created in step #1 into a specific OU (got this step)
3. Create a file (.csv,.txt, etc) with user names (or sAMaccount, DN, etc.) and passwords.
3. Run a script against the OU in step #2 and have the script read the file in step #3 so that it can reset the passwords accordingly.

Any guidance on how to accomplish the above will be much appreciated. Thanks.
LVL 2
bnditAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Joseph DalyCommented:
Well you could do something like this.

This will need a file with the username!password on each line. I used the exclamation point as a delemiter.


for /F "delims=! tokens=1,2" %%h IN (file.txt) Do dsquery user -samid "%%h" | dsmod user -pwd "%%i"

Open in new window

0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Joseph DalyCommented:
Sorry that might be a little bit brief so a little explanation.

Save that command to a file and rename it to a bat file. Basically once you create your OU and populate your users into it. You would need to make a plain text file with their username (samid) and the desired password. It has to be in the format of

user1!pass1
user2!pass2
user3!pass3

Make sure there isnt a trailing carriage return in the file. Save the file as file.txt as that is refferenced in the command and then execute the bat file. Once the file is executed it will loop through the file.txt and perform a lookup of the username and then modify it with the password you provided.

Hope this explains a little better.
0
bnditAuthor Commented:
Thanks, that does explain it better. Just for my own knowledge...what scripting language is this? and is there a link that you can refer me to so that I can understand the various arguments you're using. I like to understand as much as possible things that I run  :). I'll be testing this on my test environment and I'll get back to you on the outcome.

thanks,
0
How the Cloud Can Help You as an MSSP

Today, every Managed Security Service Provider (MSSP) needs a platform to deliver effective and efficient security-as-a-service to their customers. Scale, elasticity and profitability are a few of the many features that a Cloud platform offers. Register today to learn more!

Joseph DalyCommented:
The file I am using is just batch scripting using the DS series of commands. Its really only 2 commands the DOS FOR command
http://www.geocities.com/rick_lively/MANUALS/COMMANDS/F/FOR_F.HTM

and the commands using DSquery and DSmod
http://www.geocities.com/rick_lively/MANUALS/COMMANDS/D/DSQUERY.HTM
http://www.geocities.com/rick_lively/MANUALS/COMMANDS/D/DSMOD.HTM

A quick run through of the commands

For /f - Loop through each line in a file
delims=! - what character to look for to seperate the tokens
tokens 1,2 - how many items are expected
%%h - the variable name to start with in this case %%h and %%i. Determined by the tokens 1,2 line. If it were tokens 1,2,3,4 you would have %%H %%I %%J %%K and so on.
IN (file.txt) - Where to look for the data to loop through

Do {command} - what will actually be done with the data. In thise case dsquery user -samid "%%h" | dsmod user -pwd "%%i"




0
bdibeneCommented:
You mentioned that you know how to have a VBScript prompt the Admin to change the User password.
Do you need to set the passwords to something you know, or would it be OK to just prompt all the Users and force them to change their own passwords?  This can be done with Group Policy (Computer Config-->Windows Settings-->Security Settings-->Account Policies-->Password Policy).
0
bnditAuthor Commented:
I want to change the passwords to something known but unique to each user such as their employee #. I'm trying to stay away from turning the "change password at next logon" flag - this might be against best practice when creating a new user account, but it's necessary in my circumstances. The password policy applied at the domain level will take care of forcing them to reset the password at a later time.
0
artoaperjanCommented:
hi
this is a good request i can use this too. if u want i can script for u a VBScript which  will do all the 4 steps you have above but we woud need to agree on how r u going to supply the user details.
if you can put all in a txt all above steps can be done automaticaly.

Art
0
bnditAuthor Commented:
Hi Art - thanks for offering to script this out. I'm providing you with a small text file that contains about five users...this should be enough to get the script working. Take a look at the txt file and let me know if it works. The only column that you won't find in it will be the password as I don't believe that can be imported into AD but rather you'll take care of it with the script. Let me know. Thanks again.
User-bulk-create2.txt
0
bnditAuthor Commented:
thanks
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.