Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

auto change password to default password when userid account password expires

Posted on 2010-08-30
3
Medium Priority
?
473 Views
Last Modified: 2012-05-10
Hi, i like to have a script which will change password to default when password expires. For example, if a user password is expired, it will be auto set to default password and the userid of the user will be reflected in the output file so that we can do the nesessary to change it. can this script be done up?
0
Comment
Question by:Shankar3003
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 6

Expert Comment

by:rjunaid79
ID: 33564257
the following site has very very cool scripts, will help you...

http://www.activexperts.com/activmonitor/windowsmanagement/adminscripts/usersgroups/users/#DetAccountExp.htm

you have two requirement,
to know "when password is going to expire"
to Set a password

this site has both script is separate form, see if these are helpful

http://www.activexperts.com/activmonitor/windowsmanagement/adminscripts/usersgroups/users/#DetPasswExp.htm
http://www.activexperts.com/activmonitor/windowsmanagement/adminscripts/usersgroups/users/#SetUserPwd.htm
0
 
LVL 6

Expert Comment

by:rjunaid79
ID: 33564272
0
 
LVL 65

Accepted Solution

by:
RobSampson earned 2000 total points
ID: 33564410
Hi, this script will do the job for you.  It will need to be scheduled to run once per day or whatever you need.  Modify these lines:

strLogFile = "\\server\share\expiredpasswordresetlog.txt"
strDefaultPassword = "defaultpassword"
strOUPath = "ou=users,ou=main office,"

Leave strOUPath as a blank string
strOUPath = ""

if you want it to run over your entire AD.

For the moment, I have commented out these two lines:
                              'objUser.SetPassword strDefaultPassword
                              'objUser.SetInfo

so that you can check the output, and make sure it identifies the correct accounts, before making any changes.  When you're happy with that, uncomment those lines by removing the apostrophe, and it will set the password.

Regards,

Rob.
' Source: http://www.chineseinnorthamerica.com/technical/active%20directory/articles/password%20expires.html
' Under: Listing 7. Answer to the exercise
'On Error Resume Next

If Right(LCase(WScript.FullName), 11) = "wscript.exe" Then
	Set objShell = CreateObject("WScript.Shell")
	objShell.Run "cmd /k cscript """ & WScript.ScriptFullName & """", 1, False
	Set objShell = Nothing
	WScript.Quit
End If

Const ADS_UF_DONT_EXPIRE_PASSWD = &h10000
Const E_ADS_PROPERTY_NOT_FOUND  = &h8000500D
Const ONE_HUNDRED_NANOSECOND    = .000000100
Const SECONDS_IN_DAY            = 86400

Set adoCommand = CreateObject("ADODB.Command")
Set adoConnection = CreateObject("ADODB.Connection")
adoConnection.Provider = "ADsDSOObject"
adoConnection.Open "Active Directory Provider"
adoCommand.ActiveConnection = adoConnection

 ' Search entire Active Directory domain.
Set objRootDSE = GetObject("LDAP://RootDSE")

strDNSDomain = objRootDSE.Get("defaultNamingContext")

strLogFile = "\\server\share\expiredpasswordresetlog.txt"
strDefaultPassword = "defaultpassword"
strOUPath = "ou=users,ou=main office,"

If strOUPath <> "" Then
	If Right(strOUPath, 1) <> "," Then strOUPath = strOUPath & ","
End If

Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objLog = objFSO.OpenTextFile(strLogFile, 8, True)

strBase = "<LDAP://" & strOUPath & strDNSDomain & ">"

strFilter = "(&(objectCategory=person)(objectClass=user))"

' Comma delimited list of attribute values to retrieve.
'strAttributes = "sAMAccountName,cn"
strAttributes = "adsPath"

' Construct the LDAP syntax query.
strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
adoCommand.CommandText = strQuery
adoCommand.Properties("Page Size") = 1000
adoCommand.Properties("Timeout") = 30
adoCommand.Properties("Cache Results") = False

' Run the query.
Set adoRecordset = adoCommand.Execute
While Not adoRecordset.EOF
	Set objUser = GetObject(adoRecordset.Fields("adsPath").Value)
	intUserAccountControl = objUser.Get("userAccountControl")
	If Not intUserAccountControl And ADS_UF_DONT_EXPIRE_PASSWD Then
		On Error Resume Next
		dtmValue = objUser.PasswordLastChanged
		If Not Err.Number = E_ADS_PROPERTY_NOT_FOUND Then
			intTimeInterval = Int(Now - dtmValue)
	
			Set objDomain = GetObject("LDAP://" & strDNSDomain)
			Set objMaxPwdAge = objDomain.Get("maxPwdAge")
		
			If objMaxPwdAge.LowPart > 0 Then
				dblMaxPwdNano = Abs(objMaxPwdAge.HighPart * 2^32 + objMaxPwdAge.LowPart)
				dblMaxPwdSecs = dblMaxPwdNano * ONE_HUNDRED_NANOSECOND
				dblMaxPwdDays = Int(dblMaxPwdSecs / SECONDS_IN_DAY)
		
				If intTimeInterval >= dblMaxPwdDays Then
					WScript.Echo "The password for " & objUser.DisplayName & " has expired."
					'objUser.SetPassword strDefaultPassword
					'objUser.SetInfo
					objLog.WriteLine Now & " - reset password for " & objUser.distinguishedName
				Else
					'WScript.Echo "The password for " & objUser.DisplayName & " has not expired."
				End If
			End If
		End If
	End If
	adoRecordset.MoveNext
Wend

objLog.Close
WScript.Echo VbCrLf & VbCrLf & "Finished."

Open in new window

0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Not long ago I saw a question in the VB Script forum that I thought would not take much time. You can read that question (Question ID  (http://www.experts-exchange.com/Programming/Languages/Visual_Basic/VB_Script/Q_28455246.html)28455246) Here (http…
While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
How to fix incompatible JVM issue while installing Eclipse While installing Eclipse in windows, got one error like above and unable to proceed with the installation. This video describes how to successfully install Eclipse. How to solve incompa…
Is your data getting by on basic protection measures? In today’s climate of debilitating malware and ransomware—like WannaCry—that may not be enough. You need to establish more than basics, like a recovery plan that protects both data and endpoints.…
Suggested Courses

609 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question