Announcement

Collapse
No announcement yet.

Mass changing of passwords possible?

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Mass changing of passwords possible?

    Im in a school environment, and to reduce the huge amount of password enquiries we'd get, we've always set passwords for the students, kept a list and not allowed them to change it.

    However that list is now quite out of date and we'd like to reset everyones password, however I cant think of a tool that would do this for me? I normally use net user to add users including passwords but I dont know how to just replace passwords...is it possible?

    All server 2003 if that makes any difference

  • #2
    Re: Mass changing of passwords possible?

    I think a read at this may help

    http://www.experts-exchange.com/Oper..._21335583.html

    Please note that this is NOT my script and all rights are the owners.

    '************************************************* *********************************
    ' SetPassword.vbs
    '
    ' The SetPassword method operates differently on Windows 2000 than it does on XP...
    ' Prior to Windows XP, ADSI called NetUserSetInfo in the security context in which
    ' the thread was running, and not in the security context specified in the call to
    ' OpenDSObject. As a result, the SetPassword method can fail on Windows 2000 if
    ' the script is run in a user context that does not have sufficient rights.
    '
    ' To avoid this issue, run this script from Windows XP (or higher) or use the RUNAS
    ' command to provide alternate credentials.
    '
    ' NOTE: After this script finishes it may be a few minutes before the new
    ' passwords take effect.
    '
    ' Lynn C. Ransdell, 03/03/2005
    '
    '************************************************* *********************************

    ' This script reads a CSV file containing the "username" and new password. The
    ' username is the "login name" or SAM account name. We use this to find the
    ' "distinguished name" from Active Directory in order to be able to reset the password.
    '
    ' Sample file would read:
    '
    ' ThomasJ,N123456
    ' StacyR,N012345
    ' BobL,N999888
    ' etc...
    '
    ' 2003 AD, single DC.
    '************************************************* *********************************

    Const ADS_SCOPE_SUBTREE = 2
    Const ADS_SECURE_AUTHENTICATION = 1

    AdminUser = "Administrator" ' Be sure to change
    AdminPswd = "admin" ' change these
    InputFile = "e:\ee\Users.txt" ' 4 variables to
    Domain = "fabrikam.com" ' match your environment

    ' if your domain name is more than 2 nodes, or you just want the code to be "dynamic",
    ' you can use "split" to create an array of nodes and adjust the logic below to loop
    ' thru the array to build the correct SELECT statement string.
    '
    part1 = Left(Domain,Instr(Domain,".") - 1)
    part2 = Mid(Domain,Instr(Domain,".") + 1)

    Set FSO = CreateObject("Scripting.FilesyStemObject")
    Set oFile = FSO.OpenTextFile(InputFile)

    Set objConnection = CreateObject("ADODB.Connection")
    Set objCommand = CreateObject("ADODB.Command")
    objConnection.Provider = "ADsDSOObject"
    objConnection.Open "Active Directory Provider"
    Set objCommand.ActiveConnection = objConnection

    objCommand.Properties("Page Size") = 1000
    objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE

    Set openDS = GetObject("LDAP:")

    Do Until oFile.AtEndOfLine
    LineIn = oFile.ReadLine
    Field = Split(LineIn, ",")
    If Ubound(Field) > 0 Then
    Field(0) = trim(Field(0))
    Field(1) = trim(Field(1))

    objCommand.CommandText = _
    "SELECT distinguishedName FROM 'LDAP://dc=" & part1 & ",dc=" & part2 & "' " & _
    "WHERE objectCategory = 'user' " & _
    "AND SAMAccountName = '" & Field(0) & "'"
    Set objRecordSet = objCommand.Execute

    objRecordSet.MoveFirst
    Do Until objRecordSet.EOF
    DN = objRecordSet.Fields("distinguishedName").Value
    ''' Wscript.Echo "SAMacct= " & Field(0) & " DN= " & DN

    'get the user acct info based on the distinguished name
    'and set the new password to what was read from the input file.
    Set usr = openDS.OpenDSObject("LDAP://" & Domain & "/" & DN, AdminUser, AdminPswd, ADS_SECURE_AUTHENTICATION)
    usr.SetPassword Field(1)
    ''' Wscript.Echo "Password set to: " & Field(1)

    objRecordSet.MoveNext
    Loop
    End If
    Loop

    oFile.Close

    Set usr = Nothing
    Set objCommand.ActiveConnection = Nothing
    Set objCommand = Nothing
    Set objConnection = Nothing
    Set openDS = Nothing
    Set oFile = Nothing
    Set FSO = Nothing

    Comment


    • #3
      Re: Mass changing of passwords possible?

      You could use admod.exe from joeware.net (http://www.joeware.net/win/free/index.htm)

      An example from the help is below:

      admod -b cn=someuser,cn=users,dc=joehome,dc=net #setpwd#::newpass
      Sets password for someuser.

      This is a very powerfull tool so watch out which you can also script. He also has quite a few other usefull tools so check it out

      Michael
      Michael Armstrong
      www.m80arm.co.uk
      MCITP: EA, MCTS, MCSE 2003, MCSA 2003: Messaging, CCA, VCP 3.5, 4, 5, VCAP5-DCD, VCAP5-DCA, ITIL, MCP, PGP Certified Technician

      ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **

      Comment


      • #4
        Re: Mass changing of passwords possible?

        Thanks Michael, that works a treat, really good tool

        And thanks Wullie, that looks interesting too

        Comment


        • #5
          Re: Mass changing of passwords possible?

          Just found this one from joeware.net as well:

          http://www.joeware.net/win/free/tools/changepw.htm

          Not as powerfull, but maybe that's a good thing

          Michael
          Michael Armstrong
          www.m80arm.co.uk
          MCITP: EA, MCTS, MCSE 2003, MCSA 2003: Messaging, CCA, VCP 3.5, 4, 5, VCAP5-DCD, VCAP5-DCA, ITIL, MCP, PGP Certified Technician

          ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **

          Comment


          • #6
            Re: Mass changing of passwords possible?

            This worked great for me:

            http://www.windowsdevcenter.com/pub/...passwords.html

            DSMOD

            If you have any questions using it, don't hesitate to ask, I think I still have my script sitting around somewhere.
            Brad

            Comment


            • #7
              Re: Mass changing of passwords possible?

              Hi Brad, sure, share it if you can.
              Cheers,

              Daniel Petri
              Microsoft Most Valuable Professional - Active Directory Directory Services
              MCSA/E, MCTS, MCITP, MCT

              Comment


              • #8
                Re: Mass changing of passwords possible?

                Here is the script:

                Code:
                dsmod user "CN=john doe,OU=Marketing,DC=domain,DC=local" -pwd [email protected]$$w0rd
                I made this easy by exporting all the needed data into an Excel document and then utilized the CONCATENATE function to bring everything together into one line, copied all of the lines (about sixty for me) and pasted them into a batch script. I separated it by departments in order to test on a small number of users, but it worked out well.
                Brad

                Comment


                • #9
                  Re: Mass changing of passwords possible?

                  I found that piping is quite helpful and saves some time.

                  dsquery user ou=Accounts,dc=testlab,dc=net | dsmod user -pwd newpass1 -mustchpwd yes

                  This is all one string.

                  Comment

                  Working...
                  X