Solved

auto change password to default password when userid account password expires

Posted on 2010-08-30
Last Modified: 2012-05-10
Hi, I would like to have a script which will change the password to a default when the password expires. For example, if a user's password has expired, it will be automatically set to the default password and the userid of the user will be reflected in the output file so that we can do the necessary to change it. Can this script be done up?
Question by:Shankar3003
LVL 6

Expert Comment

by:rjunaid79
ID: 33564257
The following site has very, very cool scripts that will help you...

http://www.activexperts.com/activmonitor/windowsmanagement/adminscripts/usersgroups/users/#DetAccountExp.htm

You have two requirements:
to know "when password is going to expire"
to set a password

This site has both scripts in separate form; see if these are helpful.

http://www.activexperts.com/activmonitor/windowsmanagement/adminscripts/usersgroups/users/#DetPasswExp.htm
http://www.activexperts.com/activmonitor/windowsmanagement/adminscripts/usersgroups/users/#SetUserPwd.htm
0
 
LVL 6

Expert Comment

by:rjunaid79
ID: 33564272
0
 
LVL 65

Accepted Solution

by:
RobSampson earned 500 total points
ID: 33564410
Hi, this script will do the job for you.  It will need to be scheduled to run once per day or whatever you need.  Modify these lines:

strLogFile = "\\server\share\expiredpasswordresetlog.txt"
strDefaultPassword = "defaultpassword"
strOUPath = "ou=users,ou=main office,"

Leave strOUPath as a blank string
strOUPath = ""

if you want it to run over your entire AD.

For the moment, I have commented out these two lines:
                              'objUser.SetPassword strDefaultPassword
                              'objUser.SetInfo

so that you can check the output, and make sure it identifies the correct accounts, before making any changes.  When you're happy with that, uncomment those lines by removing the apostrophe, and it will set the password.

Regards,

Rob.
' Source: http://www.chineseinnorthamerica.com/technical/active%20directory/articles/password%20expires.html
' Under: Listing 7. Answer to the exercise
'On Error Resume Next

' Relaunch under cscript so WScript.Echo writes to a console instead of message boxes.
If Right(LCase(WScript.FullName), 11) = "wscript.exe" Then
	Set objShell = CreateObject("WScript.Shell")
	objShell.Run "cmd /k cscript """ & WScript.ScriptFullName & """", 1, False
	Set objShell = Nothing
	WScript.Quit
End If

Const ADS_UF_DONT_EXPIRE_PASSWD = &h10000
Const ONE_HUNDRED_NANOSECOND    = .000000100
Const SECONDS_IN_DAY            = 86400

Set adoCommand = CreateObject("ADODB.Command")
Set adoConnection = CreateObject("ADODB.Connection")
adoConnection.Provider = "ADsDSOObject"
adoConnection.Open "Active Directory Provider"
adoCommand.ActiveConnection = adoConnection

' Search entire Active Directory domain.
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("defaultNamingContext")

strLogFile = "\\server\share\expiredpasswordresetlog.txt"
strDefaultPassword = "defaultpassword"
strOUPath = "ou=users,ou=main office,"

' Make sure the OU path ends with a comma before the domain DN is appended.
If strOUPath <> "" Then
	If Right(strOUPath, 1) <> "," Then strOUPath = strOUPath & ","
End If

' Open the log for appending (8), creating it if it does not exist.
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objLog = objFSO.OpenTextFile(strLogFile, 8, True)

strBase = "<LDAP://" & strOUPath & strDNSDomain & ">"
strFilter = "(&(objectCategory=person)(objectClass=user))"

' Comma delimited list of attribute values to retrieve.
'strAttributes = "sAMAccountName,cn"
strAttributes = "adsPath"

' Construct the LDAP syntax query.
strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
adoCommand.CommandText = strQuery
adoCommand.Properties("Page Size") = 1000
adoCommand.Properties("Timeout") = 30
adoCommand.Properties("Cache Results") = False

' Run the query.
Set adoRecordset = adoCommand.Execute
While Not adoRecordset.EOF
	Set objUser = GetObject(adoRecordset.Fields("adsPath").Value)
	intUserAccountControl = objUser.Get("userAccountControl")
	' Skip accounts flagged "password never expires".
	If Not intUserAccountControl And ADS_UF_DONT_EXPIRE_PASSWD Then
		On Error Resume Next
		dtmValue = objUser.PasswordLastChanged
		' Continue only if the date was read; after any error dtmValue still holds the previous user's value.
		If Err.Number = 0 Then
			intTimeInterval = Int(Now - dtmValue)

			Set objDomain = GetObject("LDAP://" & strDNSDomain)
			Set objMaxPwdAge = objDomain.Get("maxPwdAge")

			' LowPart = 0 means passwords in the domain do not expire.
			If objMaxPwdAge.LowPart <> 0 Then
				' LowPart is read as a signed 32-bit value; carry into HighPart when it is negative.
				lngHigh = objMaxPwdAge.HighPart
				lngLow = objMaxPwdAge.LowPart
				If lngLow < 0 Then lngHigh = lngHigh + 1
				dblMaxPwdNano = Abs(lngHigh * 2^32 + lngLow)
				dblMaxPwdSecs = dblMaxPwdNano * ONE_HUNDRED_NANOSECOND
				dblMaxPwdDays = Int(dblMaxPwdSecs / SECONDS_IN_DAY)

				If intTimeInterval >= dblMaxPwdDays Then
					WScript.Echo "The password for " & objUser.DisplayName & " has expired."
					Err.Clear
					'objUser.SetPassword strDefaultPassword
					'objUser.SetInfo
					' Log a failure instead of a reset if SetPassword or SetInfo raised an error.
					If Err.Number = 0 Then
						objLog.WriteLine Now & " - reset password for " & objUser.distinguishedName
					Else
						objLog.WriteLine Now & " - FAILED to reset password for " & objUser.distinguishedName & ": " & Err.Description
					End If
				Else
					'WScript.Echo "The password for " & objUser.DisplayName & " has not expired."
				End If
			End If
		End If
	End If
	' Restore normal error handling so a failed bind on the next user is not silently ignored.
	On Error GoTo 0
	adoRecordset.MoveNext
Wend

objLog.Close
WScript.Echo VbCrLf & VbCrLf & "Finished."
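
A PowerShell variant of the same job, added here as an example and not part of RobSampson's answer. It assumes the ActiveDirectory module is installed, reads msDS-UserPasswordExpiryTimeComputed so that fine-grained password policies and the never-expires flag are already accounted for, and sets a random one-time password with a forced change at next logon instead of a shared default. The function name Reset-ExpiredPassword, the dc=example,dc=com suffix and the 'aZ9!' complexity suffix are assumptions.

```powershell
# Added example, not RobSampson's script. Assumes the ActiveDirectory module (RSAT).
# Reset-ExpiredPassword is a hypothetical name; paths in the usage line are placeholders.
function Reset-ExpiredPassword {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$SearchBase,
        [Parameter(Mandatory)][string]$LogFile
    )
    Import-Module ActiveDirectory -ErrorAction Stop
    $never = [Int64]::MaxValue            # reported when the password never expires
    $now   = (Get-Date).ToFileTimeUtc()
    $rng   = [System.Security.Cryptography.RandomNumberGenerator]::Create()

    $users = Get-ADUser -SearchBase $SearchBase -SearchScope Subtree `
        -LDAPFilter '(&(objectCategory=person)(objectClass=user))' `
        -Properties 'msDS-UserPasswordExpiryTimeComputed'

    foreach ($u in $users) {
        # 0 = already flagged "must change at next logon" (or attribute unreadable).
        $expiry = [Int64]$u.'msDS-UserPasswordExpiryTimeComputed'
        if ($expiry -eq 0 -or $expiry -eq $never -or $expiry -gt $now) { continue }

        # 18 random bytes -> 24 base64 characters; the fixed suffix (an assumption)
        # guarantees upper, lower, digit and symbol for complexity rules.
        $bytes = New-Object byte[] 18
        $rng.GetBytes($bytes)
        $plain  = [Convert]::ToBase64String($bytes) + 'aZ9!'
        $secure = ConvertTo-SecureString $plain -AsPlainText -Force
        $stamp  = Get-Date -Format s

        if ($PSCmdlet.ShouldProcess($u.DistinguishedName, 'Reset expired password')) {
            try {
                Set-ADAccountPassword -Identity $u -Reset -NewPassword $secure -ErrorAction Stop
                Set-ADUser -Identity $u -ChangePasswordAtLogon $true -ErrorAction Stop
                Add-Content -Path $LogFile -Value "$stamp - reset password for $($u.DistinguishedName)"
                # Returned to the caller for out-of-band delivery; never written to the log.
                [pscustomobject]@{ User = $u.SamAccountName; TempPassword = $plain }
            } catch {
                Add-Content -Path $LogFile -Value "$stamp - FAILED for $($u.DistinguishedName): $($_.Exception.Message)"
            }
        }
    }
}

# Dry run first, the equivalent of leaving SetPassword commented out above:
# Reset-ExpiredPassword -SearchBase 'ou=users,ou=main office,dc=example,dc=com' `
#     -LogFile '\\server\share\expiredpasswordresetlog.txt' -WhatIf
```

With -WhatIf the function only lists the accounts it would touch; without it, the log records account names only and the one-time passwords are returned as objects on the pipeline.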
