Reset password of a ADusers from a computer in another domain

[rikho]

Hello,

i use this script bellow, and call it from a Gui with a runas commandline....

anyway it mean to allow to reset a user password only from a computer

that is already in the same domain. Is someone can tell how to modify it

to call another ActiveDirectory to be able to reset a user password of

another domain ?

expandcollapse popup

' ResetPassword.vbs
' VBScript program to reset the password for a user.
' The program also enables the account and expires the password.
' User must pass the NT Logon Name (sAMAccountName) of the user
' and the new password as arguments. User must have administrative
' privileges. The client must be able to make a SSL connection to
' the Domain Controller.
'
' ----------------------------------------------------------------------
' Copyright (c) 2003 Richard L. Mueller
' Hilltop Lab web site - http://www.rlmueller.net
' Version 1.0 - March 3, 2003
' Version 1.1 - April 18, 2003 - Remove trailing backslash from
'                               strNetBIOSDomain.
' Version 1.2 - January 25, 2004 - Modify error trapping.
' Version 1.3 - March 18, 2004 - Modify NameTranslate constants.
' Version 1.4 - July 30, 2007 - Escape any "/" characters in User DN.
'
' You have a royalty-free right to use, modify, reproduce, and
' distribute this script file in any way you find useful, provided that
' you agree that the copyright owner above has no warranty, obligations,
' or liability for such use.

Option Explicit

Dim objRootDSE, strDNSDomain, objTrans, strNetBIOSDomain
Dim strUserDN, objUser, strPassword, strUserNTName

' Constants for the NameTranslate object.
Const ADS_NAME_INITTYPE_GC = 3
Const ADS_NAME_TYPE_NT4 = 3
Const ADS_NAME_TYPE_1779 = 1

If (Wscript.Arguments.Count <> 2) Then
    Wscript.Echo "Syntax Error. Correct syntax is:"
    Wscript.Echo "cscript ResetPassword.vbs UserNTName NewPassword"
    Wscript.Quit
End If

strUserNTName = Wscript.Arguments(0)
strPassword = Wscript.Arguments(1)

' Determine DNS domain name from RootDSE object.
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("defaultNamingContext")


' Use the NameTranslate object to find the NetBIOS domain name from the
' DNS domain name.
Set objTrans = CreateObject("NameTranslate")
objTrans.Init ADS_NAME_INITTYPE_GC, ""
objTrans.Set ADS_NAME_TYPE_1779, strDNSDomain
strNetBIOSDomain = objTrans.Get(ADS_NAME_TYPE_NT4)
' Remove trailing backslash.
strNetBIOSDomain = Left(strNetBIOSDomain, Len(strNetBIOSDomain) - 1)

' Use the NameTranslate object to convert the NT user name to the
' Distinguished Name required for the LDAP provider.
On Error Resume Next
objTrans.Set ADS_NAME_TYPE_NT4, strNetBIOSDomain & "\" & strUserNTName
If (Err.Number <> 0) Then
    On Error GoTo 0
    Wscript.Echo "User " & strUserNTName _
        & " not found in Active Directory"
    Wscript.Echo "Program aborted"
    Wscript.Quit
End If
strUserDN = objTrans.Get(ADS_NAME_TYPE_1779)
' Escape any forward slash characters, "/", with the backslash
' escape character. All other characters that should be escaped are.
strUserDN = Replace(strUserDN, "/", "\/")

' Bind to the user object in Active Directory with the LDAP provider.
On Error Resume Next
Set objUser = GetObject("LDAP://" & strUserDN)
If (Err.Number <> 0) Then
    On Error GoTo 0
    Wscript.Echo "User " & strUserNTName _
        & " not found in Active Directory"
    Wscript.Echo "Program aborted"
    Wscript.Quit
End If
objUser.SetPassword strPassword
If (Err.Number <> 0) Then
    On Error GoTo 0
    Wscript.Echo "Password NON reseté pour " &vbCrLf & strUserNTName
    Wscript.Echo "Password " & strPassword & " n'est pas autorisé, ou"
    Wscript.Echo "le client ne supporte pas de connection SSL."
    Wscript.Echo "Program stoppé"
    Wscript.Quit
Else
'   objUser.AccountDisabled = False
    objUser.Put "pwdLastSet", 0
    Err.Clear
    objUser.SetInfo
    If (Err.Number <> 0) Then
        On Error GoTo 0
'       Wscript.Echo "Password reset for " & strUserNTName
'       Wscript.Echo "But, unable to enable account or expire password"
        Wscript.Quit
    End If
End If
On Error GoTo 0

'Wscript.Echo "Password reset, account enabled,"
'Wscript.Echo "and password expired for user " & strUserNTName

' Clean up.
Set objRootDSE = Nothing
Set objTrans = Nothing
Set objUser = Nothing

Thanks for your help.

[water]

You could write the whole thing in AutoIt using adfunctions.au3

Function _ADSetPassword should do what you want. But first you'll have to change the following settings:

Global $objRootDSE = ObjGet("LDAP://RootDSE")
Global $strDNSDomain = $objRootDSE.Get("defaultNamingContext"); Retrieve the current AD domain name
Global $strHostServer = $objRootDSE.Get("dnsHostName"); Retrieve the name of the connected DC
Global $strConfiguration = $objRootDSE.Get("ConfigurationNamingContext"); Retrieve the Configuration naming context

; Or use comment out above 3 lines and uncomment below to specify settings:
;Global $strDNSDomain = "DC=subdomain,DC=example,DC=com"
;Global $strHostServer = "servername.subdomain.example.com"
;Global $strConfiguration = "CN=Configuration,DC=subdomain,DC=example,DC=com"

[rikho]

You could write the whole thing in AutoIt using adfunctions.au3

Function _ADSetPassword should do what you want. But first you'll have to change the following settings:

Global $objRootDSE = ObjGet("LDAP://RootDSE")
Global $strDNSDomain = $objRootDSE.Get("defaultNamingContext"); Retrieve the current AD domain name
Global $strHostServer = $objRootDSE.Get("dnsHostName"); Retrieve the name of the connected DC
Global $strConfiguration = $objRootDSE.Get("ConfigurationNamingContext"); Retrieve the Configuration naming context

; Or use comment out above 3 lines and uncomment below to specify settings:
;Global $strDNSDomain = "DC=subdomain,DC=example,DC=com"
;Global $strHostServer = "servername.subdomain.example.com"
;Global $strConfiguration = "CN=Configuration,DC=subdomain,DC=example,DC=com"

Thank you !

i haven't seen this function

i'll gonna try it soon

thks again !

[Naveed]

Thank you !

i haven't seen this function

i'll gonna try it soon

thks again !

Hi I am a complete newbie to Autoit and would like some help with using this script to reset a lan password on AD.

Can you give me some example script and an explanation.

Thanks.

[water]

Download the adfunctions.au3 and use function _ADSetPassword. If you need to set the password of an user in another domain, please see post #2.

Edited December 21, 2009 by water

[Naveed]

Download the adfunctions.au3 and use function _ADSetPassword. If you need to set the password of an user in another domain, please see post #2.

Hi,

I have downloaded adfunctions.au3 and added to the include folder in the autoit directory.

However i dont know how to use the funcion _ADSetPassword.

Could you please show me a functioning script with this function included?

Thanks in advance.

Naveed

[water]

That's quite simple:

_ADSetPassword(_ADSamAccountNameToFQDN(@Username),"New Value or Empty to clear the password")

This will set the password of the current user (your user) to the value specified or clear the passwaord if no value is specified.

To reset the password of another user please replace @username with the samaccountname of the desired user.

[Naveed]

That's quite simple:

_ADSetPassword(_ADSamAccountNameToFQDN(@Username),"New Value or Empty to clear the password")

This will set the password of the current user (your user) to the value specified or clear the passwaord if no value is specified.

To reset the password of another user please replace @username with the samaccountname of the desired user.

Thankyou Very Much, Got it working finally..........