missymadi
asked on
Powershell script to reset user passwords in Windows and Linux
Experts,
We have a configuration of MS AD and Linux authenticating using Samba, Winbind with PAM and NSS all configured on our network. What capabilities does this give me with managing Linux user accounts with AD? I read an article that discusses the authentication to AD using Winbind however Group policy is not available - as of yet. Does this mean I cannot have a Powershell script to reset user passwords on XP boxes and Linux boxes? What are the capabilities of administration on this setup?
THanks, Missymadi
We have a configuration of MS AD and Linux authenticating using Samba, Winbind with PAM and NSS all configured on our network. What capabilities does this give me with managing Linux user accounts with AD? I read an article that discusses the authentication to AD using Winbind however Group policy is not available - as of yet. Does this mean I cannot have a Powershell script to reset user passwords on XP boxes and Linux boxes? What are the capabilities of administration on this setup?
THanks, Missymadi
ASKER
Could I have a little more information on how you accomplished this issue? Maybe some steps to follow to achieve the password sync?
Well the users use a php page that do the change in LDAP. In that page we aded one line of code that launch a vbs script on a ssh server. In the parameters of the vbs on put the user name and the password.
On the Windows controller we implemented an ssh server that accept certificate authentication. That allow to execute the vbs as administrator without password and deny all other connexions.
Like that the password is sent using a secure way (ssh cripted channel).
On the AD users can't change the password and we deactivated all tests on the passwords, except the expiration timeout. But when the password is expired, the user must call tech support.
If you need the vbs script I can send it to you, but is a basic password change script.
And we also keeped all user management on the LDAP side (site changes, passwords changes, user creation and user deletion)
Dan
On the Windows controller we implemented an ssh server that accept certificate authentication. That allow to execute the vbs as administrator without password and deny all other connexions.
Like that the password is sent using a secure way (ssh cripted channel).
On the AD users can't change the password and we deactivated all tests on the passwords, except the expiration timeout. But when the password is expired, the user must call tech support.
If you need the vbs script I can send it to you, but is a basic password change script.
And we also keeped all user management on the LDAP side (site changes, passwords changes, user creation and user deletion)
Dan
ASKER
Yes, could you please forward the script.
Thank you,
Missymadi
Thank you,
Missymadi
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Well I resolved a situation like this on the other side.
We started with an LDAP and we made the syncro with AD. All users change the passwords using a web page that do both changes (in LDAP and AD)
You can modify the page to allow a your desk support to change the passwords.
Dan