.vbs script to reset users passwords for non-domain admin accounts?


So far I have:

strUser = InputBox("Please enter the User's Name that requires the Password to be Reset:")
strOU = InputBox("Please enter the OU that contains the User's Account:")
Set objUser = GetObject("LDAP://CN=" & strUser & ",OU=" & strOU & ",DC=**********,DC=****")
objUser.SetPassword "Passw0rd"
MsgBox "The User's Password has now been Reset Successfully."

But for non-domain admin accounts this clearly isn't going to work. I have created a domain admin account for this but need to basically have the script say: hey, I know I'm not a domain admin account, but use these credentials for this operation. Anyone got any ideas?
 
Try this one.

Make sure to put the OU name. It will change password and also set the user to change password at last logon. If not desired, remove these lines from the script:

objUser.put "pwdlastset", 0
objuser.setinfo


Code:
'---------Start Here-----
Dim oRootDSE, objUser, oConnection, oCommand
Dim RS, strQuery, varDomainNC, varOU

On Error Resume Next
Set oRootDSE = GetObject("LDAP://RootDSE")
varDomainNC = oRootDSE.Get("defaultNamingContext")
Set oConnection = CreateObject("ADODB.Connection")
oConnection.Open "Provider=ADsDSOObject;"

varOU = "OU=Temp," 'Put OU name here, make sure to put Comma at the end

' Search base is the OU plus the domain DN, e.g. <LDAP://OU=Temp,DC=mydomain,DC=com>
' objectCategory=person keeps computer accounts (which are also objectClass=user) out of the results
strQuery = "<LDAP://" & varOU & varDomainNC & ">;(&(objectCategory=person)(objectClass=user));adspath;subtree"

Set oCommand = CreateObject("ADODB.Command")
oCommand.ActiveConnection = oConnection
oCommand.CommandText = strQuery

Set RS = oCommand.Execute
If RS.RecordCount = 0 Then
    WScript.Echo "There are no users"
Else
    WScript.Echo RS.RecordCount & " users found"
    While Not RS.EOF
        Set objUser = GetObject(RS.Fields("adspath"))
        WScript.Echo "Alias:    " & objUser.Name
        objUser.SetPassword "Passw0rd"
        ' pwdLastSet = 0 forces a password change; remove these two lines if not desired
        objUser.Put "pwdLastSet", 0
        objUser.SetInfo
        RS.MoveNext
    Wend
    WScript.Echo "Password Reset Complete"
    Set objUser = Nothing
End If

' Object references must be released with Set
Set oRootDSE = Nothing
Set oConnection = Nothing
Set oCommand = Nothing
Set RS = Nothing
'--------End---------

You have to make sure that you put the name of the OU correctly. For example, your domain is mydomain.com and the OU that you have created there is Temp, then put the following line:

varOU = "OU=Temp,"

The script will automatically get the full DN, which will be
OU=temp,DC=mydomain,DC=com in this case.

For testing, create an OU with name Temp at the root level of your domain and move some users to this OU and then run this script.

Another thing, if your users are in a container, not an OU, then change OU=Temp to CN=Temp.
 
What I have actually works, it's just that I want it to be run by users without domain access, so it's a few lines to hardcode the username and password the script has to be run as...
 
^^
As above (Curiosityx's post) is better,
but if you didn't want it in VB:


SET /P doej=enter users name
%windir%\system32\runas.exe /USER:domain\domain-admin "NET USER %doej% * /DOMAIN"

but then you are revealing a domain password (but there are workarounds for this)
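
The alternate-credential bind asked about in this thread, as an added example that is not part of any post: it uses ADSI's OpenDSObject and asks for the privileged account's credentials at run time, so no password is stored in the script file. The prompts, variable names and the EscapeDN helper are assumptions made for this illustration.

```vbscript
Option Explicit
Const ADS_SECURE_AUTHENTICATION = 1  ' ADSI flag: negotiate Kerberos/NTLM for the bind

Dim strUser, strOU, strAdmin, strAdminPw, strTemp, strPath, oRootDSE, oDSO, objUser

' Hypothetical helper: escape characters that are special in a DN or an
' ADsPath so typed input cannot change which object the script binds to.
Function EscapeDN(s)
    Dim i, c, out
    out = ""
    For i = 1 To Len(s)
        c = Mid(s, i, 1)
        If InStr(",+""\<>;=/", c) > 0 Then out = out & "\"
        out = out & c
    Next
    If Left(out, 1) = "#" Then out = "\" & out
    EscapeDN = out
End Function

strUser = Trim(InputBox("CN of the user whose password is to be reset:"))
strOU = Trim(InputBox("OU that contains the user's account:"))
strAdmin = Trim(InputBox("Account that holds reset rights (DOMAIN\name):"))
' InputBox cannot mask input, so this password is visible while it is typed.
strAdminPw = InputBox("Password for " & strAdmin & ":")
strTemp = InputBox("Temporary password to set for " & strUser & ":")
If strUser = "" Or strOU = "" Or strAdmin = "" Or strAdminPw = "" Or strTemp = "" Then
    WScript.Quit 1
End If

' RootDSE is read as the logged-on user; only the user object is opened
' with the supplied credentials.
Set oRootDSE = GetObject("LDAP://RootDSE")
strPath = "LDAP://CN=" & EscapeDN(strUser) & ",OU=" & EscapeDN(strOU) & "," & _
          oRootDSE.Get("defaultNamingContext")
Set oDSO = GetObject("LDAP:")

On Error Resume Next
Set objUser = oDSO.OpenDSObject(strPath, strAdmin, strAdminPw, ADS_SECURE_AUTHENTICATION)
If Err.Number = 0 Then objUser.SetPassword strTemp
If Err.Number = 0 Then objUser.Put "pwdLastSet", 0   ' force a change at next logon
If Err.Number = 0 Then objUser.SetInfo
If Err.Number <> 0 Then
    WScript.Echo "Reset failed (0x" & Hex(Err.Number) & "): " & Err.Description
    WScript.Quit 1
End If
WScript.Echo "Password reset for " & strPath
```

Binding as an account that has only been delegated the Reset Password right on that OU, rather than a domain admin, limits what the typed credentials can do if they are observed.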


