force user to change password on next logon [message #338773] Tue, 08 December 2009 18:26
Hitesh Hansalia
We have a single domain Windows Server 2003 AD environment. I need to force users to change password on next logon in a single OU. I have a script that works with an OU at the top of the hierarchy but not with nested OU's. See the script below:

' PwdLastSet.vbs
' VBScript to force a user to change password at next logon
' --------------------------------------------------------------'

Option Explicit
Dim objOU, objUser, objRootDSE
Dim strContainer, strDNSDomain
Dim intCounter, intPwdValue

' Bind to Active Directory Domain
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("DefaultNamingContext")

' -------------------------------------------------------------'
' Important change OU= to reflect your domain
' -------------------------------------------------------------'

strContainer = "OU=XXXX Rica,OU=XXXX, "
strContainer = strContainer & strDNSDomain

intCounter = 0

' Here we force a change of password at next logon
intPwdValue = 0

' Loop through OU=, resetting all user accounts
' (direct children only; objects in nested OU's are not reached)
Set objOU = GetObject("LDAP://" & strContainer)
For Each objUser In objOU
    If objUser.Class = "user" Then
        objUser.Put "PwdLastSet", intPwdValue
        objUser.SetInfo
        ' Count only the accounts that were actually changed
        intCounter = intCounter + 1
    End If
Next

' Optional section to record how many accounts have been set
WScript.Echo "PwdLastSet = " & intPwdValue _
    & vbCr & "Accounts changed = " & intCounter
WScript.Quit

' End of Sample PwdLastSet VBScript




Re: force user to change password on next logon [message #338851 is a reply to message #338773] Tue, 08 December 2009 19:53
rlmueller-nospam
"Hitesh Hansalia" wrote in message
news:2009128202651hitesh@glidewelldental.com...
> We have a single domain Windows Server 2003 AD environment. I need to force
> users to change password on next logon in a single OU. I have a script that
> works with an OU at the top of the hierarchy but not with nested
> OU's. See the script below:
>
> ' PwdLastSet .vbs
> ' VBScript to force a user to change password at next logon
> ' ------------------------------------------------------------ --'
>
> Option Explicit
> Dim objOU, objUser, objRootDSE
> Dim strContainer, strDNSDomain
> Dim intCounter, intPwdValue
>
> ' Bind to Active Directory Domain
> Set objRootDSE = GetObject("LDAP://RootDSE")
> strDNSDomain = objRootDSE.Get("DefaultNamingContext")
>
> ' ------------------------------------------------------------ -'
> ' Important change OU= to reflect your domain
> ' ------------------------------------------------------------ -'
>
> strContainer = "OU=XXXX Rica,OU=XXXX, "
> strContainer = strContainer & strDNSDomain
>
> intCounter = 0
>
> ' Here we force a change of password at next logon
> intPwdValue = 0
>
> ' Loop through OU=, resetting all user accounts
> set objOU =GetObject("LDAP://" & strContainer )
> For each objUser in objOU
> If objUser.class="user" then
> objUser.Put "PwdLastSet", intPwdValue
> objUser.SetInfo
> End If
> intCounter = intCounter +1
> Next
>
> ' Optional section to record how many accounts have been set
> WScript.Echo "PwdLastSet = " & intPwdValue _
> & vbCr & "Accounts changed = " & intCounter
> WScript.Quit
>
> ' End of Sample PwdLastSet VBScript
>

You can use a recursive subroutine to handle nested OU's. For example (not
tested):
============
Option Explicit
Dim strOU, objOU, intCounter

' Specify the parent (top level) OU.
strOU = "ou=West,dc=MyDomain,dc=com"

' Bind to the parent OU.
Set objOU = GetObject("LDAP://" & strOU)

' Variable intCounter has global scope.
intCounter = 0
Call EnumOU(objOU)

Wscript.Echo "Accounts changed: " & CStr(intCounter)

Sub EnumOU(ByVal objParent)
    ' Recursive subroutine to process all users in an OU
    ' and all sub OU's.

    Dim objUser, objChild

    ' Enumerate all users in the OU.
    objParent.Filter = Array("user")
    For Each objUser In objParent
        ' Skip computer objects.
        If (objUser.Class = "user") Then
            ' pwdLastSet = 0 marks the password as expired,
            ' which forces a change at next logon.
            objUser.Put "pwdLastSet", 0
            objUser.SetInfo
            intCounter = intCounter + 1
        End If
    Next

    ' Enumerate all child OU's.
    objParent.Filter = Array("organizationalUnit")
    For Each objChild In objParent
        Call EnumOU(objChild)
    Next
End Sub

--
Richard Mueller
MVP Directory Services
Hilltop Lab - http://www.rlmueller.net
--
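
An alternative to the recursive walk above, as an added example that is not part of the original thread: a single ADO subtree search returns the users in every nested OU, and the LDAP filter skips accounts flagged "password never expires" (userAccountControl bit 65536), for which pwdLastSet = 0 does not force a change. The base DN reuses the placeholder from the reply, and blnDryRun is a hypothetical switch for a report-only first pass.

```vbscript
Option Explicit

' Assumptions (not from the thread): strBase is a placeholder DN and
' blnDryRun is a hypothetical switch; True only reports, False writes.
Const blnDryRun = True

Dim strBase, strFilter, strQuery, strDN
Dim objConn, objCmd, objRS, objUser
Dim intMatched

strBase = "ou=West,dc=MyDomain,dc=com"

' User accounts only (objectCategory=person excludes computers), minus
' accounts with the "password never expires" bit set (65536).
strFilter = "(&(objectCategory=person)(objectClass=user)" & _
    "(!(userAccountControl:1.2.840.113556.1.4.803:=65536)))"

' ADO LDAP query syntax: <base>;filter;attributes;scope
strQuery = "<LDAP://" & strBase & ">;" & strFilter & _
    ";distinguishedName;subtree"

Set objConn = CreateObject("ADODB.Connection")
objConn.Provider = "ADsDSOObject"
objConn.Open "Active Directory Provider"

Set objCmd = CreateObject("ADODB.Command")
Set objCmd.ActiveConnection = objConn
objCmd.CommandText = strQuery
objCmd.Properties("Page Size") = 500   ' paged search, so large OUs are not truncated

Set objRS = objCmd.Execute
intMatched = 0
Do Until objRS.EOF
    strDN = objRS.Fields("distinguishedName").Value
    If blnDryRun Then
        WScript.Echo "Would expire: " & strDN
    Else
        ' A forward slash in a DN must be escaped in an ADsPath.
        Set objUser = GetObject("LDAP://" & Replace(strDN, "/", "\/"))
        objUser.Put "pwdLastSet", 0
        objUser.SetInfo
    End If
    intMatched = intMatched + 1
    objRS.MoveNext
Loop
objRS.Close
objConn.Close

WScript.Echo "Accounts matched: " & CStr(intMatched)
```

Run it with blnDryRun left at True first and review the listed DNs, since the subtree scope also reaches service accounts that live under the same parent OU.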
recursive subroutine to handle [message #339554 is a reply to message #338851] Wed, 09 December 2009 16:42
Hitesh Hansalia
Thanks Richard, I got the logic of the recursive call and it is working after defining a few unspecified dims.


