kapil12

asked on

Not able to authenticate User after loading the LDIF schema in AD2008

We have one schema.ldif file which has certain attributes, and I imported it using ldifde -i -f schema.ldif in AD2008. It loads all the organizations and users.

Now if I try to access the user from my application using that username and password, it does not allow me to log in. I figured it out by checking the properties of the user.

In the Account tab - User must change password for next logon was ticked
Account is disabled is ticked

So after unchecking both checkboxes I tried to authenticate the user, but it is still showing the LdapErr.
[08:09:05][** Status: Not Authenticated. 8009030C: LdapErr: DSID-0C0904D0, comment: AcceptSecurityContext error, data 52e, v1db0][iisagent][][AABAAA]
(Note: password policy is disabled for AD machine)

So I reset the password for that user and tried accessing. It is working. Now I have 100 users for each org.

So please advise any utility to uncheck both the checkboxes and reset the password for all the users in one go, or some way to resolve this issue.

Attached Schema.txt for your ref (change to LDIF). Schema.txt
Krzysztof Pytko

You may use MS DS Tools for that. All you need is a plain text file with user names (one username per line), and then on a DC run the following at the command line:

for /f %i in (c:\users.txt) do dsquery user -samid %i | dsmod user -pwd NewPassword0 -disabled no

Regards,
Krzysztof
Hi,
Use the script to reset the password for all users.


' SetPassword.vbs
' Author sushil.
' -----------------------------------------------'
Option Explicit
Dim objOU, objUser, objRootDSE
Dim strContainer, strDNSDomain, strPassword

' Bind to Active Directory Domain
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("DefaultNamingContext")

' -----------------------------------------------'
' Important change OU= to reflect your domain
' -----------------------------------------------'
strContainer = "OU=Accounts, "
strPassword = "P@ssw0rd"
strContainer = strContainer & strDNSDomain

' Loop through OU=, setting passwords for all users
Set objOU = GetObject("LDAP://" & strContainer)
For Each objUser In objOU
    If objUser.class = "user" Then
        objUser.SetPassword strPassword
        objUser.SetInfo
    End If
Next

WScript.Quit

' End of Example VBScript: SetPassword


This is a VBScript; save it as .vbs.
kapil12

ASKER

If I try to execute the following script -

Option Explicit
Dim objOU, objUser, objRootDSE
Dim strContainer, strDNSDomain, strPassword

' Bind to Active Directory Domain
Set objRootDSE = GetObject("LDAP://CN=Administrator,CN=Users,DC=security,DC=COM")
strDNSDomain = objRootDSE.Get("DefaultNamingContext")

' -----------------------------------------------'
' Important change OU= to reflect your domain
' -----------------------------------------------'
strContainer = "OU=OrgUnit0, "
strPassword = "firewall"
strContainer = strContainer & strDNSDomain

' Loop through OU=, setting passwords for all users
set objOU =GetObject("LDAP://" & strContainer )
For each objUser in objOU
If objUser.class="user" then
objUser.SetPassword strPassword
objUser.SetInfo
End If
Next

WScript.Quit

At line 7 (strDNSDomain = objRootDSE.Get("DefaultNamingContext")) it is saying "Directory property cannot be found in the cache".
ASKER CERTIFIED SOLUTION
kapil12
kapil12

ASKER

It will work, but I need to do it separately for all the orgs, or I am looking for a schema file that will have both the things disabled.

Thanks for the help !!
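
The closing question asks for an import file that leaves both checkboxes cleared. As an added example (not code from any poster in this thread), this Python script reads an LDIF export and builds a follow-up LDIF for all orgs at once that sets unicodePwd, userAccountControl and pwdLastSet for each user. It assumes the result is imported with ldifde over an encrypted connection (for example `-t 636 -s <dc>`), which AD requires for unicodePwd writes; the sample entries and the password are constructed placeholders.

```python
import base64

NORMAL_ACCOUNT = 512  # userAccountControl: normal account, ACCOUNTDISABLE (0x2) bit clear

def user_dns(ldif_text):
    """Return the DN of every entry in an LDIF export whose objectClass includes 'user'."""
    text = ldif_text.replace("\r\n", "\n").replace("\n ", "")  # undo LDIF line folding
    dns = []
    for record in text.split("\n\n"):
        dn, classes = None, set()
        for line in record.splitlines():
            key, sep, value = line.partition(":")
            if not sep:
                continue
            if key.lower() == "dn":
                # "dn:: ..." carries a base64-encoded (non-ASCII) DN
                dn = (base64.b64decode(value[1:].strip()).decode("utf-8")
                      if value.startswith(":") else value.strip())
            elif key.lower() == "objectclass":
                classes.add(value.strip().lower())
        # computer objects also carry objectClass 'user'; leave them alone
        if dn and "user" in classes and "computer" not in classes:
            dns.append(dn)
    return dns

def encode_unicode_pwd(password):
    """unicodePwd takes the password in double quotes, UTF-16LE, base64-encoded in LDIF."""
    return base64.b64encode(f'"{password}"'.encode("utf-16-le")).decode("ascii")

def fix_records(dn, password):
    """Two modify records: set the password first, then enable and clear 'must change'."""
    dn_line = f"dn: {dn}" if dn.isascii() else \
        "dn:: " + base64.b64encode(dn.encode("utf-8")).decode("ascii")
    return (f"{dn_line}\nchangetype: modify\nreplace: unicodePwd\n"
            f"unicodePwd:: {encode_unicode_pwd(password)}\n-\n\n"
            f"{dn_line}\nchangetype: modify\nreplace: userAccountControl\n"
            f"userAccountControl: {NORMAL_ACCOUNT}\n-\nreplace: pwdLastSet\n"
            f"pwdLastSet: -1\n-\n\n")

def build_fix_ldif(export_text, password):
    """Concatenate the fix-up records for every user found in the export."""
    return "".join(fix_records(dn, password) for dn in user_dns(export_text))

# Constructed sample resembling the imported file (not the poster's Schema.txt).
SAMPLE = ("dn: OU=OrgUnit0,DC=security,DC=COM\nobjectClass: organizationalUnit\n\n"
          "dn: CN=user1,OU=OrgUnit0,DC=security,DC=COM\nobjectClass: top\n"
          "objectClass: user\nsAMAccountName: user1\n")

if __name__ == "__main__":
    print(build_fix_ldif(SAMPLE, "Placeholder-Passw0rd"))
```

Base64 is an encoding, not encryption: anyone who can read the generated file can recover the password, so restrict access to it and delete it after the import.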