
Reset password of a ADusers from a computer in another domain


rikho

Hello,

I use the script below, and call it from a GUI with a runas command line...

Anyway, it is meant to allow resetting a user password only from a computer that is already in the same domain. Can someone tell me how to modify it to call another Active Directory, to be able to reset a user password of another domain?

' ResetPassword.vbs
' VBScript program to reset the password for a user.
' The program also enables the account and expires the password.
' User must pass the NT Logon Name (sAMAccountName) of the user
' and the new password as arguments. User must have administrative
' privileges. The client must be able to make a SSL connection to
' the Domain Controller.
'
' ----------------------------------------------------------------------
' Copyright (c) 2003 Richard L. Mueller
' Hilltop Lab web site - http://www.rlmueller.net
' Version 1.0 - March 3, 2003
' Version 1.1 - April 18, 2003 - Remove trailing backslash from
'                               strNetBIOSDomain.
' Version 1.2 - January 25, 2004 - Modify error trapping.
' Version 1.3 - March 18, 2004 - Modify NameTranslate constants.
' Version 1.4 - July 30, 2007 - Escape any "/" characters in User DN.
'
' You have a royalty-free right to use, modify, reproduce, and
' distribute this script file in any way you find useful, provided that
' you agree that the copyright owner above has no warranty, obligations,
' or liability for such use.

Option Explicit

Dim objRootDSE, strDNSDomain, objTrans, strNetBIOSDomain
Dim strUserDN, objUser, strPassword, strUserNTName

' Constants for the NameTranslate object.
Const ADS_NAME_INITTYPE_GC = 3
Const ADS_NAME_TYPE_NT4 = 3
Const ADS_NAME_TYPE_1779 = 1

If (Wscript.Arguments.Count <> 2) Then
    Wscript.Echo "Syntax Error. Correct syntax is:"
    Wscript.Echo "cscript ResetPassword.vbs UserNTName NewPassword"
    Wscript.Quit
End If

strUserNTName = Wscript.Arguments(0)
strPassword = Wscript.Arguments(1)

' Determine DNS domain name from RootDSE object.
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("defaultNamingContext")


' Use the NameTranslate object to find the NetBIOS domain name from the
' DNS domain name.
Set objTrans = CreateObject("NameTranslate")
objTrans.Init ADS_NAME_INITTYPE_GC, ""
objTrans.Set ADS_NAME_TYPE_1779, strDNSDomain
strNetBIOSDomain = objTrans.Get(ADS_NAME_TYPE_NT4)
' Remove trailing backslash.
strNetBIOSDomain = Left(strNetBIOSDomain, Len(strNetBIOSDomain) - 1)

' Use the NameTranslate object to convert the NT user name to the
' Distinguished Name required for the LDAP provider.
On Error Resume Next
objTrans.Set ADS_NAME_TYPE_NT4, strNetBIOSDomain & "\" & strUserNTName
If (Err.Number <> 0) Then
    On Error GoTo 0
    Wscript.Echo "User " & strUserNTName _
        & " not found in Active Directory"
    Wscript.Echo "Program aborted"
    Wscript.Quit
End If
strUserDN = objTrans.Get(ADS_NAME_TYPE_1779)
' Escape any forward slash characters, "/", with the backslash
' escape character. All other characters that should be escaped are.
strUserDN = Replace(strUserDN, "/", "\/")

' Bind to the user object in Active Directory with the LDAP provider.
On Error Resume Next
Set objUser = GetObject("LDAP://" & strUserDN)
If (Err.Number <> 0) Then
    On Error GoTo 0
    Wscript.Echo "User " & strUserNTName _
        & " not found in Active Directory"
    Wscript.Echo "Program aborted"
    Wscript.Quit
End If
objUser.SetPassword strPassword
If (Err.Number <> 0) Then
    On Error GoTo 0
    Wscript.Echo "Password NON reseté pour " &vbCrLf & strUserNTName
    Wscript.Echo "Password " & strPassword & " n'est pas autorisé, ou"
    Wscript.Echo "le client ne supporte pas de connection SSL."
    Wscript.Echo "Program stoppé"
    Wscript.Quit
Else
'   objUser.AccountDisabled = False
    objUser.Put "pwdLastSet", 0
    Err.Clear
    objUser.SetInfo
    If (Err.Number <> 0) Then
        On Error GoTo 0
'       Wscript.Echo "Password reset for " & strUserNTName
'       Wscript.Echo "But, unable to enable account or expire password"
        Wscript.Quit
    End If
End If
On Error GoTo 0

'Wscript.Echo "Password reset, account enabled,"
'Wscript.Echo "and password expired for user " & strUserNTName

' Clean up.
Set objRootDSE = Nothing
Set objTrans = Nothing
Set objUser = Nothing

Thanks for your help.

water

You could write the whole thing in AutoIt using adfunctions.au3

Function _ADSetPassword should do what you want. But first you'll have to change the following settings:

Global $objRootDSE = ObjGet("LDAP://RootDSE")
Global $strDNSDomain = $objRootDSE.Get("defaultNamingContext"); Retrieve the current AD domain name
Global $strHostServer = $objRootDSE.Get("dnsHostName"); Retrieve the name of the connected DC
Global $strConfiguration = $objRootDSE.Get("ConfigurationNamingContext"); Retrieve the Configuration naming context

; Or comment out the 3 lines above and uncomment the lines below to specify settings:
;Global $strDNSDomain = "DC=subdomain,DC=example,DC=com"
;Global $strHostServer = "servername.subdomain.example.com"
;Global $strConfiguration = "CN=Configuration,DC=subdomain,DC=example,DC=com"

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2017-04-18 - Version 1.4.8.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (NEW 2017-02-27 - Version 1.3.1.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2015-04-01 - Version 0.4.0.0) - Download - General Help & Support - Example Scripts
Excel - Example Scripts - Wiki
Word - Wiki
PowerPoint (2015-06-06 - Version 0.0.5.0) - Download - General Help & Support

Tutorials:
ADO - Wiki
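
The same change applied to the VBScript from the first post, as an added example (not part of the thread, of adfunctions.au3 or of the rlmueller.net script): instead of reading the local RootDSE, it binds to a named domain controller of the target domain, which is what the explicit $strHostServer / $strDNSDomain settings above achieve. The script name, the DC-name argument and reading the password from standard input are assumptions of this example; it also assumes the account running it (for instance via runas) is allowed to reset passwords in that domain.

```vbscript
' ResetPasswordRemote.vbs - added example, not Richard Mueller's script.
' Assumption: argument 1 is a DC of the target domain (a placeholder such
' as dc01.other.example.com). Run with cscript so that StdIn is available.
Option Explicit
Const ADS_NAME_INITTYPE_SERVER = 2
Const ADS_NAME_TYPE_1779 = 1
Const ADS_NAME_TYPE_NT4 = 3
Dim strServer, strUserNTName, strPassword, objRootDSE, strDNSDomain
Dim objTrans, strNetBIOSDomain, strUserDN, objUser

If (Wscript.Arguments.Count <> 2) Then
    Wscript.Echo "Syntax: cscript ResetPasswordRemote.vbs DCName UserNTName"
    Wscript.Quit 1
End If
strServer = Wscript.Arguments(0)
strUserNTName = Wscript.Arguments(1)
' Read the password from standard input so it does not appear in the
' process command line; it is never echoed back in error messages.
Wscript.StdOut.Write "New password: "
strPassword = Wscript.StdIn.ReadLine

On Error Resume Next
' Server-bound RootDSE: returns the naming context of the DC's domain,
' not that of the domain the local computer belongs to.
Set objRootDSE = GetObject("LDAP://" & strServer & "/RootDSE")
strDNSDomain = objRootDSE.Get("defaultNamingContext")
If (Err.Number <> 0) Then Fail "RootDSE bind to " & strServer
' Point NameTranslate at the same DC instead of a local Global Catalog.
Set objTrans = CreateObject("NameTranslate")
objTrans.Init ADS_NAME_INITTYPE_SERVER, strServer
objTrans.Set ADS_NAME_TYPE_1779, strDNSDomain
strNetBIOSDomain = objTrans.Get(ADS_NAME_TYPE_NT4)   ' ends with "\"
objTrans.Set ADS_NAME_TYPE_NT4, strNetBIOSDomain & strUserNTName
strUserDN = Replace(objTrans.Get(ADS_NAME_TYPE_1779), "/", "\/")
If (Err.Number <> 0) Then Fail "Name lookup for " & strUserNTName
' Bind to the user on that DC, reset, and force a change at next logon.
Set objUser = GetObject("LDAP://" & strServer & "/" & strUserDN)
If (Err.Number <> 0) Then Fail "Bind to user object"
objUser.SetPassword strPassword
If (Err.Number <> 0) Then Fail "SetPassword"
objUser.Put "pwdLastSet", 0
objUser.SetInfo
If (Err.Number <> 0) Then Fail "Expiring the new password"
Wscript.Echo "Password reset; user must change it at next logon."

Sub Fail(strStep)
    ' Report the failing step and the ADSI error code, then stop.
    Wscript.Echo strStep & " failed (0x" & Hex(Err.Number) & ")"
    Wscript.Quit 1
End Sub
```

Each step is checked before the next one runs, so a failed name lookup can never lead to a bind against the wrong object.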

 

rikho

You could write the whole thing in AutoIt using adfunctions.au3

Function _ADSetPassword should do what you want. But first you'll have to change the following settings:

Global $objRootDSE = ObjGet("LDAP://RootDSE")
Global $strDNSDomain = $objRootDSE.Get("defaultNamingContext"); Retrieve the current AD domain name
Global $strHostServer = $objRootDSE.Get("dnsHostName"); Retrieve the name of the connected DC
Global $strConfiguration = $objRootDSE.Get("ConfigurationNamingContext"); Retrieve the Configuration naming context

; Or comment out the 3 lines above and uncomment the lines below to specify settings:
;Global $strDNSDomain = "DC=subdomain,DC=example,DC=com"
;Global $strHostServer = "servername.subdomain.example.com"
;Global $strConfiguration = "CN=Configuration,DC=subdomain,DC=example,DC=com"

Thank you!

I haven't seen this function.

I'm going to try it soon.

Thanks again!

Naveed

Thank you!

I haven't seen this function.

I'm going to try it soon.

Thanks again!

Hi, I am a complete newbie to AutoIt and would like some help with using this script to reset a LAN password on AD.

Can you give me some example script and an explanation?

Thanks.

water

Download adfunctions.au3 and use the function _ADSetPassword. If you need to set the password of a user in another domain, please see post #2.

Edited by water

Naveed

Download adfunctions.au3 and use the function _ADSetPassword. If you need to set the password of a user in another domain, please see post #2.

Hi,

I have downloaded adfunctions.au3 and added it to the include folder in the AutoIt directory.

However, I don't know how to use the function _ADSetPassword.

Could you please show me a functioning script with this function included?

Thanks in advance.

Naveed

water

That's quite simple:

_ADSetPassword(_ADSamAccountNameToFQDN(@Username),"New Value or Empty to clear the password")

This will set the password of the current user (your user) to the value specified or clear the password if no value is specified.

To reset the password of another user, please replace @Username with the sAMAccountName of the desired user.


Naveed

That's quite simple:

_ADSetPassword(_ADSamAccountNameToFQDN(@Username),"New Value or Empty to clear the password")

This will set the password of the current user (your user) to the value specified or clear the password if no value is specified.

To reset the password of another user, please replace @Username with the sAMAccountName of the desired user.

Thank you very much, got it working finally...
