Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Active Directory Script

Posted on 2011-10-16
9
Medium Priority
?
797 Views
Last Modified: 2012-09-20
I imported 50 or so users to an OU called Test using CSVDE. Once they were imported, all of the accounts were disabled and of course no passwords were added.
I need a script to do the following three things:
 1. Enable all the accounts in that OU
 2. Create a default password for all those users in that OU
 3. Set the password property to "Password never expires" for all the users in that OU
0
Comment
Question by:mnoisette
  • 5
  • 3
9 Comments
 
LVL 27

Accepted Solution

by:
KenMcF earned 2000 total points
ID: 36976255
If you are able to use powershell and the quest AD cmdlets you can do this

Foreach ($user in (get-qaduser -searchroot "OU=New_Users,DC=DOMAIN,DC=LOCAL"){
Set-qaduser $User -userpassword 'Password1' -passwordneverexpires:$True -enabled:$true
enable-qaduser $User
}
0
 
LVL 5

Expert Comment

by:peter197911
ID: 36976264
dsquery User "ou=LLN-Users,dc=domain,dc=edu" | dsmod user -pwdneverexpires yes -p choosepassword  -disabled no

should also do the job without powershell.
If it's not working, start with the first command (dsquery). This will show you the list of the 50 users. When this one works, add dsmod.
0
 
LVL 27

Expert Comment

by:KenMcF
ID: 36976286
If using dsmod you will need to set a password before you enable the account

dsmod -pwd NewPassword
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:mnoisette
ID: 36977378
Foreach ($user in (get-qaduser -searchroot "OU=New_Users,DC=DOMAIN,DC=LOCAL"){
Set-qaduser $User -userpassword 'Password1' -passwordneverexpires:$True -enabled:$true
enable-qaduser $User
}
I'm getting an error when I run this... Can you check to see if there maybe a syntax problem?
0
 
LVL 27

Expert Comment

by:KenMcF
ID: 36977386
What error are you getting? Did you change the base OU to search?
0
 
LVL 27

Expert Comment

by:KenMcF
ID: 36977398
Try this one, i did have a syntax error and forgot to remove one thing from the post.

Foreach ($user in (get-qaduser -searchroot "OU=New_Users,DC=DEVLAB,DC=LOCAL")){ 
Set-qaduser $User -userpassword 'Password1' -passwordneverexpires:$True 
enable-qaduser $User
}

Open in new window

0
 

Author Comment

by:mnoisette
ID: 36977405
PS C:\Documents and Settings\mnoisette> Foreach ($user in (get-qaduser -searchroot "OU=Test,DC=SCRBC2,DC=Local"){Set-qua
duser $User -userpassword 'P@ssw0rd' -passwordneverexpires:$True -enabled:$True enable-qaduser $User}
Unexpected token '{' in expression or statement.
At line:1 char:74
+ Foreach ($user in (get-qaduser -searchroot "OU=Test,DC=SCRBC2,DC=Local"){ <<<< Set-quaduser $User -userpassword 'P@ssw0rd' -passwordneverexpires:$True -enabled:$True enable-qaduser $User}
    + CategoryInfo          : ParserError: ({:String) [], ParentContainsErrorRecordException
    + FullyQualifiedErrorId : UnexpectedToken

PS C:\Documents and Settings\mnoisette>
0
 

Author Comment

by:mnoisette
ID: 36989689
This is the error that I am still getting....


PS C:\Documents and Settings\mnoisette> Foreach ($user in(get -qaduser -searchroot "OU=Test,DC=SCRBC2,DC=Local")){Set -qaduser $user -userpassword 'P@ssw0rd' -passwordneverexpires:$True enable -qaduser $True}

The term 'get' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
At line:1 char:22
+ Foreach ($user in(get <<<<  -qaduser -searchroot "OU=Test,DC=SCRBC2,DC=Local")){Set -qaduser $user -userpassword 'P@s
sw0rd' -passwordneverexpires:$True enable -qaduser $True}
    + CategoryInfo          : ObjectNotFound: (get:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException
0
 
LVL 27

Expert Comment

by:KenMcF
ID: 36989719
It looks like there is a space between "get" and "-qaduser"
and same with set-qaduser


0

Featured Post

NEW Veeam Backup for Microsoft Office 365 1.5

With Office 365, it’s your data and your responsibility to protect it. NEW Veeam Backup for Microsoft Office 365 eliminates the risk of losing access to your Office 365 data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Transferring FSMO roles is done when an admin wants to split roles between certain Domain Controllers or the Domain Controller holding the Roles has been forcefully demoted using dcpromo / forceremoval
I’m willing to make a bet that your organization stores sensitive data in your Windows File Servers; files and folders that you really don’t want making it into the wrong hands.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

581 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question