SamKira


Changing AD users data using a batch file

I need to change the password of several hundreds of users in AD.

How do I do that?

This is what I did, but for some students it is working and for some it is not, and I can't figure out why.

I created a batch file with all users like this:

dsmod user "CN=424242 ,ou=Students,dc=mycollege,dc=com"  -pwd 999999



Where 424242 is, let's say, the student login and 999999 is the new password

The results are the following:
dsmod succeeded:CN=424242\ ,ou=Students,dc=mycollege,dc=com
if it went well
and:
dsmod failed:CN=424242\ ,ou=Students,dc=mycollege,dc=com:Directory object not found.
type dsmod /? for help.

I also added the following so I can read a log file and see which students were not changed
dsmod user "CN=424242 ,ou=Students,dc=mycollege,dc=com"  -pwd 999999 1>> Result.txt 2>&1



I'm using the provided student id from HR for the batch file that in AD is the User logon Name. Maybe I need to use the FQDN or something else?

And for the batch file, how do I add a \n or Enter after each output:

I get results like this:

dsmod succeeded:CN=1232293\ ,ou=Students,dc=mycollege,dc=com
dsmod failed:CN=1131610\ ,ou=Students,dc=mycollege,dc=com:Directory object not found.
type dsmod /? for help.dsmod failed:CN=1131610\ ,ou=Students,dc=mycollege,dc=com:Directory object not found.
type dsmod /? for help.
dsmod succeeded:CN=1232293\ ,ou=Students,dc=mycollege,dc=com

And want results like this:

dsmod succeeded:CN=1232293\ ,ou=Students,dc=mycollege,dc=com
dsmod failed:CN=1131610\ ,ou=Students,dc=mycollege,dc=com
dsmod failed:CN=1131610\ ,ou=Students,dc=mycollege,dc=com
dsmod succeeded:CN=1232293\ ,ou=Students,dc=mycollege,dc=com
Giovanni

Here is a script which will perform the task for you...

@echo off
rem. *************************************************************************************************************************
rem.  Solution to set the same password for multiple AD users in varying OUs.
rem.
rem.  Created and posted by Giovanni Heward on Experts-Exchange.com
rem.  http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Windows/viewQuestionPrinterFriendly.jsp?qid=24571799
rem. *************************************************************************************************************************
if [%1]==[] (
	echo.
	echo usage: changepass [userlist.txt]
	echo         Where userlist.txt contains DN of each user object, one per line.
	echo.         
	echo         Make sure each line does NOT contain quotes, for example:
	echo         CN=Testy Testerson,OU=Employees,DC=Contoso,DC=Com
	echo.
	goto :eof
)
setlocal enabledelayedexpansion
if not exist %1 (echo Active Directory user list DN file [%1] does not exist.&goto :eof)
set /p pwd=Enter new password for all user objects:
for /f "tokens=*" %%u in (%1) do (
 set user=%%u
 call :CHANGEPASS !user! !pwd!
 if errorlevel 1 (echo FAILED to change password for !user!) else (echo Changed password for !user!)
)
goto :eof
 
:CHANGEPASS
if [!user!]==[] goto :eof
dsmod user "!user!" -canchpwd yes -pwdneverexpires no
dsmod user "!user!" -pwd "!pwd!" -mustchpwd yes


Create the list of users by running the following command...

dsquery user -limit 0 >userlist.txt

Make sure you edit the list to remove all quotes and all users you don't intend to change the password of.
ASKER CERTIFIED SOLUTION
Giovanni
BTW, if you already have a list of all student logon IDs, then you can obtain the correct DN by running....

dsquery user -samid 424242

or

dsquery user -samid 424242*

To use with my script try...

dsquery user -samid 424242>>userlist.txt

Of course my script above could be modified to read a text file using logon usernames only, lookup the corresponding DN, and then pass that given user object DN to the changepass function.
SamKira

ASKER

Thank you much for the scripts, I will take a look at them and test them.

I noticed something doing the dsquery user -samid 424242
The results are as follows:

On all the ones that my script worked their CN was like this:
"CN=424242\ ,OU=Students,DC=mycollege,DC=com"
"CN=525252\ ,OU=Students,DC=mycollege,DC=com"

Those that didn't work were like this:
"CN=626262,OU=Students,DC=mycollege,DC=com"
"CN=727272,OU=Students,DC=mycollege,DC=com"

How come they work when they have "\ " at the end and where can I see that?
Is there a way I can modify my original command to take that into consideration?
dsmod user "CN=424242 ,ou=Students,dc=mycollege,dc=com"  -pwd 999999

Thank you so much for your help and I'll take a look at those scripts you put in here.
SamKira

ASKER

Ok I was able to run this command again:
dsmod user "CN=424242 ,ou=Students,dc=mycollege,dc=com"  -pwd 999999
but this time removing the space before the first ,ou= like this:
dsmod user "CN=424242,ou=Students,dc=mycollege,dc=com"  -pwd 999999

It seems that when we created the list of new students they were created with a space in their CN.

I can always delete those new students and create them again correctly but I was wondering if there is a way to change a CN from let's say "1111 " to "1111"?

I need to remove that space on their CN name for all those students.

Thanks
You can rename an object using LDIFDE...

This would require creating a LDF file for each object...

move-ex.ldf

dn: CN=424242\ ,OU=Students,DC=mycollege,DC=com
changeType: modrdn
newrdn: CN=424242
deleteOldRdn: 1

Then running the following command:

ldifde -i -f move-ex.ldf

As mentioned in my previous post, dsquery user -limit 0 >userlist.txt would create a list of all user objects and would include the full and correct DN of each object, regardless of whether or not a space is included.
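
Added example, not part of the original thread or of Giovanni's script: in a DN string a trailing space in an RDN value has to be written escaped as "\ " (RFC 4514), which is why dsquery prints CN=424242\ for the accounts created with a space. The Python below turns dsquery output into a single LDIF file holding one modrdn record per affected user; the function names, the sample DNs and the rename-cn.ldf file name are constructed for illustration.

```python
import re

# Constructed sample of "dsquery user -limit 0" output, one quoted DN per line.
SAMPLE_DSQUERY_OUTPUT = r'''
"CN=424242\ ,OU=Students,DC=mycollege,DC=com"
"CN=525252\ ,OU=Students,DC=mycollege,DC=com"
"CN=626262,OU=Students,DC=mycollege,DC=com"
"CN=Doe\, Jane,OU=Staff,DC=mycollege,DC=com"
'''

def split_first_rdn(dn):
    """Split a DN at its first unescaped comma: (first RDN, parent DN)."""
    m = re.match(r'((?:\\.|[^\\,])*),(.*)$', dn)
    if not m:
        raise ValueError("not a multi-component DN: %r" % dn)
    return m.group(1), m.group(2)

def strip_trailing_spaces(rdn):
    """Return the RDN without trailing spaces, or None if it has none."""
    # Tokenise so an escaped backslash followed by "20" is not read as \20.
    tokens = re.findall(r'\\[0-9A-Fa-f]{2}|\\.|[^\\]', rdn)
    kept = list(tokens)
    while kept and kept[-1] in ('\\ ', '\\20', ' '):
        kept.pop()
    return None if len(kept) == len(tokens) else ''.join(kept)

def build_rename_ldif(dsquery_output):
    """Return (ldif_text, affected_dns) for users whose CN ends in a space."""
    records, affected = [], []
    for line in dsquery_output.splitlines():
        dn = line.strip().strip('"')
        if not dn:
            continue
        new_rdn = strip_trailing_spaces(split_first_rdn(dn)[0])
        if new_rdn is None:
            continue
        if not dn.isascii():
            # Non-ASCII LDIF values must be base64-encoded; not handled here.
            raise ValueError("non-ASCII DN needs base64 in LDIF: %r" % dn)
        records.append("dn: %s\nchangeType: modrdn\nnewrdn: %s\n"
                       "deleteOldRdn: 1\n" % (dn, new_rdn))
        affected.append(dn)
    # LDIF records are separated by one blank line.
    return "\n".join(records), affected

if __name__ == "__main__":
    ldif, affected = build_rename_ldif(SAMPLE_DSQUERY_OUTPUT)
    print(ldif)  # review, save as rename-cn.ldf, then: ldifde -i -f rename-cn.ldf
```

Renaming the CN changes only the object's DN; the user logon name (sAMAccountName) used with dsquery user -samid is not touched.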
SamKira

ASKER

Thank you so much, you sir are an expert on this.