willxing

Find: Func _AD_Open in AD.au3 it has detailed usage for this function. you can use _AD_Open when you are not in the domain, only need network access to DC. just fill up all the parameters.

o, yeah, that works. next script, allow user to bind 2 workstation only by themselves.

Glad to share with you.

Hi Water would you add a script for put "userWorkstation" into LDAP object? for make user to log on specify desktop and laptop. I don't know these code will works or not, need test in office tomorrow. $FQNM = _AD_SamAccountNameToFQDN() $objUser = ObjGet("LDAP://"&$FQNM) $objUser.put("userWorkstations","desktopA,laptopB,vmC") $objUser.setinfo Thank you and best regards.

the idea is: first you need create a group for safety, then make a user A join this group. assign group to manager change password, but not allow to create or delete object. in script: obtain @logondomain to check if user are log in domain or local. _ad_open with that user A GUIcreate to let user input new password no GUI for user to input username, obtain username by @Username then _AD_SetPassword($user,$password) some user have two domain, one is company's domain, and other is exchange server domain which manager by Top company group. exchange server domain only have one account for us to add and modify account. then use this one, user can modify their "own" password and email password, and can one click modify both as same password with unlock. if something wrong, you just need kick UserA out of the group. you can also make script write log to a file on server, then you can have log of who is always changing his password and what that password is. :evil

Great Script, helps a lot. before I got this, I was ready to compile dsquery and dsmod to user's desktop. now I can make script to let user to change their password without any domain tools. PS, we have 3 different domains, it's always painful to create one user on different DC, now one click can done all the job. Cool~