kapil12
asked on
Not able to authenticate User after loading the LDIF schema in AD2008
We have one schema.ldif file which has certain attributes and I imported using ldifde -i -f schema.ldif in AD2008. It loads all the organizations and users.
Now if I try to access the user from my application using that username and password, it is not allowing me to log in. I figured it out by checking the properties of the user.
In the Account tab - "User must change password at next logon" was ticked
"Account is disabled" is ticked
So after unchecking both checkboxes I tried to authenticate the user; it is still showing the LdapErr.
[08:09:05][** Status: Not Authenticated. 8009030C: LdapErr: DSID-0C0904D0, comment: AcceptSecurityContext error, data 52e, v1db0][iisagent][][AABAAA]
(Note: password policy is disabled for AD machine)
So I reset the password for that user and tried accessing. It is working. Now I have 100 users for each org.
So please advise any utility to uncheck both checkboxes and reset the password for all the users in one go, or some way to resolve this issue.
Attached Schema.txt for your ref (change to LDIF). Schema.txt
Hi
Use this script to reset the password for all users:
' SetPassword.vbs
' Author sushil.
' ------------------------------------------------
Option Explicit
Dim objOU, objUser, objRootDSE
Dim strContainer, strDNSDomain, strPassword
' Bind to Active Directory Domain
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("DefaultNamingContext")
' ------------------------------------------------
' Important change OU= to reflect your domain
' ------------------------------------------------
strContainer = "OU=Accounts, "
strPassword = "P@ssw0rd"
strContainer = strContainer & strDNSDomain
' Loop through OU=, setting passwords for all users
Set objOU = GetObject("LDAP://" & strContainer)
For Each objUser In objOU
    ' Skip child OUs, groups and other non-user objects
    If objUser.Class = "user" Then
        objUser.SetPassword strPassword
        objUser.SetInfo
    End If
Next
WScript.Quit
' End of Example VBScript: SetPassword
This is a VB script; save it as a .vbs file.
ASKER
If I try to execute the following script -
Option Explicit
Dim objOU, objUser, objRootDSE
Dim strContainer, strDNSDomain, strPassword
' Bind to Active Directory Domain
Set objRootDSE = GetObject("LDAP://CN=Administrator,CN=Users,DC=security,DC=COM")
strDNSDomain = objRootDSE.Get("DefaultNamingContext")
' ------------------------------------------------
' Important change OU= to reflect your domain
' ------------------------------------------------
strContainer = "OU=OrgUnit0, "
strPassword = "firewall"
strContainer = strContainer & strDNSDomain
' Loop through OU=, setting passwords for all users
Set objOU = GetObject("LDAP://" & strContainer)
For Each objUser In objOU
    If objUser.Class = "user" Then
        objUser.SetPassword strPassword
        objUser.SetInfo
    End If
Next
WScript.Quit
At line 7 (strDNSDomain = objRootDSE.Get("DefaultNamingContext")) it is saying "Directory property cannot be found in the cache"
ASKER CERTIFIED SOLUTION
ASKER
It will work, but I need to do it separately for all the orgs, or I am looking for a schema file that will have both of these things disabled.
Thanks for the help !!
for /f %i in (c:\users.txt) do dsquery user -samid %i | dsmod user -pwd NewPassword0 -disabled no
Regards,
Krzysztof
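
The asker's follow-up asks for an LDIF file that leaves both checkboxes cleared. The sketch below is an added example, not code from anyone in the thread: it generates LDIF modify records that set unicodePwd, enable the account (userAccountControl 512) and clear the must-change flag (pwdLastSet -1), with a distinct random password per user. Assumptions: the user DNs are constructed samples, the function names are hypothetical, and the import runs over an encrypted LDAP connection, since AD rejects unicodePwd writes on a plaintext one.

```python
import base64
import secrets

# 512 = enabled, ordinary user. 'replace' overwrites every other UAC flag.
UF_NORMAL_ACCOUNT = 0x0200

def ldif_attr(name, value):
    """Emit 'name: value', or the base64 'name:: ...' form when RFC 2849
    does not allow the value as plain text (non-ASCII, leading ':' etc.)."""
    safe = (value.isascii() and not any(c in value for c in "\0\r\n")
            and not value.startswith((" ", ":", "<")) and not value.endswith(" "))
    if safe:
        return f"{name}: {value}"
    return f"{name}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"

def encode_unicode_pwd(password):
    """AD takes unicodePwd as the password wrapped in double quotes and
    encoded UTF-16LE; LDIF carries those bytes base64-encoded."""
    return base64.b64encode(f'"{password}"'.encode("utf-16-le")).decode("ascii")

def user_record(dn, password, must_change=False):
    """One LDIF modify record: set password, enable account, set or clear
    'User must change password at next logon' (pwdLastSet 0 / -1)."""
    return "\n".join([
        ldif_attr("dn", dn),
        "changetype: modify",
        "replace: unicodePwd",
        f"unicodePwd:: {encode_unicode_pwd(password)}",
        "-",
        "replace: userAccountControl",
        f"userAccountControl: {UF_NORMAL_ACCOUNT}",
        "-",
        "replace: pwdLastSet",
        f"pwdLastSet: {0 if must_change else -1}",
        "-",
        "",
    ])

def build_ldif(dns, must_change=False):
    """Return (ldif_text, {dn: password}), one random password per user
    instead of a single shared value."""
    issued = {dn: secrets.token_urlsafe(12) for dn in dns}
    records = [user_record(dn, pw, must_change) for dn, pw in issued.items()]
    return "\n".join(records), issued

# Constructed sample DNs under the OU named in the thread.
SAMPLE_DNS = [f"CN=user{i},OU=OrgUnit0,DC=security,DC=COM" for i in (1, 2)]

if __name__ == "__main__":
    print(build_ldif(SAMPLE_DNS)[0])
```

The generated file is imported with ldifde -i -f as in the question; the returned DN-to-password map is what gets handed to the users or the application.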