Change User Password in Different Domain

  • #1

    Rems, this is a challenge for you:

    I need a script to allow a user to change their password in a different domain, with no trust relationship between it and the logged on user

    Don't ask why -- it is a very complex story. Basically:
    User workstation in domain company.local
    Emails in domain company.corp (accessed using RPC/HTTPS)
    User has two logons, one to .local and one to .corp
    Normally, but not always, same username

    What I envisage is perhaps an HTA application to prompt the user for:
    company.corp username (from Drop down list possibly)
    old company.corp password
    new password twice

    if you can work your scripting magic on this problem, the are on me!

    Tom
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **

  • #2
    Re: Change User Password in Different Domain

    Hi Tom,

    I think the best solution for this would be to use the IISADMPWD password change page.
    URL: https://<server>/iisadmpwd/aexp2.asp?http://google.com

    Here is an example of how to use "InternetExplorer.Application" to 'box' the web page:
    Code:
    Dim oIE
    
    strURL = "https://<server>/iisadmpwd/aexp2.asp?http://google.com"
    
    evtHandlerSet = "IEevt_"
    
    Set oIE = WScript.CreateObject _
         ("InternetExplorer.Application", evtHandlerSet)
    
     On Error Resume next
       oIE.Navigate2(strURL)
     ' Configure the IE window
       oIE.MenuBar = False : oIE.AddressBar = False
       oIE.Resizable = False ': oIE.FullScreen = True 
       oIE.ToolBar = False 
       oIE.StatusBar = False : oIE.RegisterAsDropTarget = False
       oIE.width = 450 : oIE.height = 350 
    
       Do Until oIE.ReadyState = 4 : WScript.Sleep 100 : Loop
    
     If err = 0 Then
       oIE.left = (oIE.document.parentWindow.screen.availWidth - oIE.width ) \ 2
       oIE.top = (oIE.document.parentWindow.screen.availheight - oIE.height) \ 2
     End If
    
       Do Until oIE.document.ReadyState = "complete" : WScript.Sleep 100 : Loop
    
       oIE.Visible = True
       With CreateObject("Wscript.Shell")
         .Appactivate("IIS")
         .SendKeys("^"):wscript.sleep 5
       End With
       
    WScript.DisconnectObject oIE

    If you want to use a script that runs against a 'foreign' AD, the user has to pass credentials several times: one time to change the old password to the new password, one time to authenticate to bind to the AD objects, and maybe even more times.

    Here are some examples:
    Code:
    ' ChangePassword.vbs
    '
    ' LDAP: "Using ADSI to Authenticate Against Active Directory"
    
    Const ADS_SECURE_AUTHENTICATION = 1
    
    On Error Resume Next 
    err.clear
    
    'declare variables
    Dim authUID, authPass
    Dim dso, vFQOU, objUser, LDAPString, found
    Dim strDomain, strUser, strOldPW, strNewPW
    
    ' variables
    strDomain = "<domainname>"
    strUser = "<username>"
    strOldPW = "<Pass01>"
    strNewPW = "<Pass02>"
    
    ' The user binds with her/his own (old) credentials in the foreign domain;
    ' no trust is needed, only network reachability of a DC of that domain.
    authUID = strDomain & "\" & strUser
    authPass = strOldPW
    
    
    'Example 1 ;
    '===========
    '   "using the LDAP: provider to
    '    Authenticate against Active Directory, and bind to the OU"
    
    LDAPString = _
      "LDAP://OU=Users,OU=TEST OU,DC=domain,DC=local"
    
    '> For the script to find the right DNSdomain you can try this LDAP string:
    '> |    LDAPString = "LDAP://domain.local/" & _
    '> |         "OU=Users,OU=TEST OU,DC=domain,DC=local"
    '> (instead of the DNSDomain, you can also specify the name or, even better, the FQDN of the DC)
    '> LDAP binding strings - http://www.rlmueller.net/LDAP_Binding.htm
    
    Set dso = Getobject("LDAP:")
    set vFQOU = dso.OpenDSObject(LDAPString, _
       authUID, authPass, ADS_SECURE_AUTHENTICATION)
    
    If err then Call OnErr(err.number, err.description)
    
    'Find AccountName in the OU and bind to the obj.
    '(Only the direct children of the OU are enumerated; sub-OUs are not searched.)
    found = False
    For each objUser in vFQOU
      If err then Call OnErr(err.number, err.description)
      If objUser.class = "user" then 
        If LCase(objUser.Get("samAccountName")) = LCase(strUser) then
          found = True
          objUser.ChangePassword strOldPW, strNewPW
          Exit For
        End If
      End If
    Next
    
    If Not found then
      Wscript.Echo "User " & strUser & " was not found in " & LDAPString
      Wscript.quit
    End If
    
    If err.number = 0 then 
      Wscript.Echo "Your password has been changed."
    Else Call OnErr(err.number, err.description)
    End If
    Wscript.quit
    '      "---------------Done---------------"
    
    
    
    Sub OnErr(errnr, errdesc)
      ' Show the ADSI error number (decimal and hex) together with the
      ' description ADSI supplied; re-raising only the number would lose it.
      On Error Resume Next
      wscript.echo "Error !", errnr, "(0x" & Hex(errnr) & ")", vbNewLine & errdesc
      err.clear
      Wscript.quit
    End Sub
    Code:
    ' ChangePassword.vbs
    '
    ' WinNT: "Using ADSI to Authenticate Against Active Directory"
    
    Const ADS_SECURE_AUTHENTICATION = 1
    
    On Error Resume Next 
    err.clear
    
    'declare variables
    Dim authUID, authPass
    Dim dso, objUser 
    Dim strDomain, strUser, strOldPW, strNewPW
    
    ' variables
    ' (the WinNT: provider wants the NetBIOS domain name, or a DC name, not the DNS name)
    strDomain = "<domainname>"
    strUser = "<username>"
    strOldPW = "<Pass01>"
    strNewPW = "<Pass02>"
    
    ' The user binds with her/his own (old) credentials in the foreign domain.
    authUID = strDomain & "\" & strUser
    authPass = strOldPW
    
    
    'Example 2 ;
    '===========
    '  "using the WinNT: provider to
    '   Authenticate against Active Directory, and connect to the Userobj"
    
    set dso = GetObject("WinNT:")
    set objUser = dso.OpenDSObject("WinNT://" & strDomain & "/" & strUser & ",user", _
       authUID, authPass, ADS_SECURE_AUTHENTICATION)
    
    '> WinNT binding strings - http://www.rlmueller.net/WinNT_Binding.htm 
    
    If err then Call OnErr(err.number, err.description)
    
       '// Changing user's password using the ADSI 'ChangePassword method '
       '// http://www.computerperformance.co.uk/ezine/ezine11.htm#Changing%20a%20users%20password
       '// This method allows the user to change her/his own password.
    objUser.ChangePassword strOldPW, strNewPW
    
    If err.number = 0 then 
      Wscript.Echo "Your password has been changed."
    Else Call OnErr(err.number, err.description)
    End If
    Wscript.quit
    '      "---------------Done---------------"
    
    
    
    Sub OnErr(errnr, errdesc)
      ' Show the ADSI error number (decimal and hex) together with the
      ' description ADSI supplied; re-raising only the number would lose it.
      On Error Resume Next
      wscript.echo "Error !", errnr, "(0x" & Hex(errnr) & ")", vbNewLine & errdesc
      err.clear
      Wscript.quit
    End Sub
    WinNT vs LDAP - http://www.rlmueller.net/WinNT_LDAP.htm

    You can capture error numbers from the ADSI ChangePassword method, but you must find out the descriptions for them yourself! (Because of the number of distinct error numbers, the ChangePassword method is also a tool used for dictionary attacks.)
    \Rems
    Last edited by Rems; 28th December 2007, 12:50. Reason: Modified the 'IIS Change Passw' script-> On Err...

    This posting is provided "AS IS" with no warranties, and confers no rights.

    __________________

    ** Remember to give credit where credit's due **
    and leave Reputation Points for meaningful posts



    • #3
      Re: Change User Password in Different Domain

      Here is an example that uses "InternetExplorer.Application" to create your own box for your own script.
      Code:
      '=======================================================================
      ' name  : ChangePassword.vbs
      ' author: Remco Simons [NL] 2007
      '
      ' "Using ADSI to Authenticate Against Active Directory"
      '
      ' ( http://forums.petri.com/showthread.php?t=20415 )
      '=======================================================================
      
      Const ADS_SECURE_AUTHENTICATION = 1
      
      'Declare Global variables
      Dim oIE, CANCELLED
      Dim altDom, altUser, altPass1, altPass2, altPass3
      
       altDom = "<domain>"
       altUser = altDom & "\" & "<name>"
      call HandleUserInput
      
      
      '--------------- M A I N ---------------
      On Error Resume Next
      err.clear
      
      'declare variables
      Dim authUID, authPass
      Dim dso, vFQOU, objUser 
      Dim strDomain, strUser, strOldPW, strNewPW
      
      ' variables
      strDomain = altDom
      strUser = altUser
      strOldPW = altPass1
      strNewPW = altPass2
      
      authUID = altDom & "\" & altUser
      authPass = altPass1
      
      
      '     Using the entered credentials...
      '  +---------------------------------------------
      '//|  Choose example(1) the LDAP-provider
      '//|    or
      '//|  Choose example(2) the WinNT-provider
      '  +---------------------------------------------
      '( Paste here the "example" out of one of the
      '  2 code snippets in my previous post )
      
      
      '-------------------------------------------
      Wscript.quit
      
      
      Sub OnErr(errnr)
        On Error Resume Next
        err.Raise errnr
        wscript.echo "Error !", err.number, vbNewLine & err.description
        err.clear
        Wscript.quit
      End Sub
      
      Sub HandleUserInput
        Dim altCredentials, altParts
        Dim invalidDom, invalidUser, noPWmatch
        altCredentials = LogOnBox("Enter UID and password", _
                      altUser, altPass1)
      
        WScript.DisconnectObject oIE
        If CANCELLED = True Then wscript.quit
      
        invalidDom = Empty
        invalidUser = Empty
        noPWmatch = Empty
      
        ' Accept DOMAIN\name or DOMAIN/name. Input that does not split into exactly
        ' two parts (a bare "name", or "a\b\c") is handed to the checks below with an
        ' empty domain, so it is reported instead of failing on Split()(1).
        altParts = Split(Replace(altCredentials(0),"/","\"), "\")
        If UBound(altParts) <> 1 Then altParts = Array("", Join(altParts, "\"))
        altDom  = altParts(0)
        altUser = altParts(1)
        altPass1 = altCredentials(1)
        altPass2 = altCredentials(2)
        altPass3 = altCredentials(3)
      
        If altDom = "" Or IsInvalidDomainname(altDom) = true then
            invalidDom = "- Invalid domainname: " & altDom 
            altDom = "<domain>" 
        End If  
      
        If altUser = "" Or IsInvalidUsername(altUser) = true then
            invalidUser = "- Invalid username: " & altUser 
            altUser = "<name>"
        End If
        
        If altPass2 <> altPass3 Then 
          noPWmatch = "- The re-enter password did not match"
        End If
      
        If (invalidDom&invalidUser&noPWmatch<>"") Then
          wscript.echo invalidDom, vbNewLine _
                     & invalidUser, vbNewLine _
                     & noPWmatch
          altUser = altDom & "\" & altUser
          call HandleUserInput
        End If
      End Sub
      
      Function LogOnBox(sPrompt, sDefaultU, sDefaultP)
        On Error Resume Next
        sTitle = "[ Change Password ]"
        Set objShell = CreateObject("Wscript.Shell")
        Set oIE = CreateObject("InternetExplorer.Application")
      
        With oIE
         ' .FullScreen = True ' remove if using IE 7+
         .Navigate2("about:blank") 
       '> Configure the IE window
         .Resizable = False : .RegisterAsDropTarget = False
         .ToolBar = False   : .MenuBar = False
         .StatusBar = False : .AddressBar = False
         .width = 440 : .height = 335 
      
         Do Until .ReadyState = 4 : WScript.Sleep 100 : Loop
         
       '> Create the password box document
          With .document
            with .parentWindow.screen
              oIE.left = (.availWidth - oIE.width ) \ 2
              oIE.top = (.availheight - oIE.height) \ 2
            End With
          .open
        '> The defaults are written into value='...' attributes, so escape & and '
        '> first: a password containing them would otherwise break out of the attribute.
          .write "<html><head><script>bboxwait=true;</script>" _
                & "<title>" & sTitle & "</title></head>"_
                & "<body bgColor=silver scroll=no " _
                & "language=vbs style='border-" _
                & "style:outset;border-Width:3px'" _
                & " onHelp='window.event.returnvalue=false" _
                & ":window.event.cancelbubble=true'" _
                & " oncontextmenu=" _
                & "'window.event.returnvalue=false" _
                & ":window.event.cancelbubble=true'" _
                & " onkeydown='if ((window.event.keycode>111)"_
                & " and  (window.event.keycode<117)) or" _
                & " window.event.ctrlkey then" _
                & " window.event.keycode=0" _
                & ":window.event.cancelbubble=true" _
                & ":window.event.returnvalue=false'" _
                & " onkeypress='if window.event.keycode=13" _
                & " then bboxwait=false'><center><br>" _
                & "<div style='padding:10px;background-color:lightblue'>" _
                & "<b>&nbsp;" & sPrompt & "&nbsp;</b></div>" _
                & "<table bgcolor=cornsilk cellspacing=10>" _
                 & "<tr><td> <b>Domain\Username:</b></td><td>" _
                 & "<input type=text size=35 id=user value='" _
                 & Replace(Replace("" & sDefaultU,"&","&amp;"),"'","&#39;") & "'></td></tr>" _
                  & "<tr><td> <b>Old Password:</b></td><td>" _
                  & "<input type=password size=20 id=pass1 value='" _
                  & Replace(Replace("" & sDefaultP,"&","&amp;"),"'","&#39;") & "'></td></tr><tr></tr>"_
                   & "<tr><td> <b>New Password:</b></td><td>"_
                   & "<input type=password size=20 id=pass2></td></tr>" _
                    & "<tr><td> <b>Confirm Passw:</b></td><td>"_
                    & "<input type=password size=20 id=pass3></td></tr>" _
                & "</table><br>&nbsp;" _
                & "<button onclick='bboxwait=false;'>" _
                & "&nbsp;Okay&nbsp;</button>&nbsp;&nbsp;" _
                & "<button onclick=" _
                & "'document.all.user.value="""";" _
                & "document.all.pass1.value="""";" _
                & "document.all.pass2.value="""";" _
                & "document.all.pass3.value="""";" _
                & "bboxwait=false;'>Cancel" _
                & "</button></center></body></html>"
          .close
      
          Do Until .ReadyState = "complete" : WScript.Sleep 100 : Loop
      
       '> set window and focus
          prefix = oIE.LocationName & " - "
          .all.user.select
          oIE.Visible = True
          objShell.Appactivate prefix & sTitle
          .all.user.focus
      
          LogOnBox = Array() : i=0
          Do While .parentWindow.bBoxWait
              ' Err is set when the user closed the window (the document is gone)
              ' or when the time-out below was raised: treat both as cancel.
              If Err Then 
                 oIE.document.close
                 oIE.quit : CANCELLED = True
                Exit Function
              End If
              WScript.Sleep 555
              ' 120 polls of 555 ms: give up after roughly a minute without input
              If i=120*(1) Then _
                 err.Raise vbObjectError + 1, "LogOnBox", "Time-out waiting for input"
              i=i+1
          Loop
      
           oIE.Visible = False
           LogOnBox = Array(.all.user.value, _
                            .all.pass1.value, _
                            .all.pass2.value, _
                            .all.pass3.value)
          .close
         End With  ' document
         .quit
        End With  ' IE
        
        If (Join(LogOnBox,"")="") Then CANCELLED = True
      '> Make vbs-boxes to appear in front again
         On Error GoTo 0
         objShell.SendKeys "^" : wscript.sleep 5
      End Function
      
      Function IsInvalidUsername(username)
        dim re
        set re = new RegExp
        ' list of invalid characters in a user name.
        re.Pattern = "[/\\""\[\]:<>\+=;,@]"
        IsInvalidUsername =  re.Test(username)
      end Function
      
      Function IsInvalidDomainname(domainname)
        dim re
        set re = new RegExp
        ' list of invalid characters in a domain name. 
        re.Pattern = "[/\\""\[\]:<>\+=;,@!#$%^&\(\)\{\}\|~]"
        IsInvalidDomainName =  re.Test(domainname)
      End Function
      I don't think this script will work for your situation, though (?). But you can give it a try.
      For the script to find the right DNSdomain, edit the LDAP string:
      Code:
      'see post;
      'http://forums.petri.com/showpost.php?p=89228&postcount=2
      '( ---> Example 1 )
      
      LDAPString = _
        "LDAP://domain.local/OU=Users,OU=TEST OU,DC=domain,DC=local"
      
      ' Instead of the DNSDomain, you can also specify the name or, even better, the FQDN of the DC
      
      '  LDAP binding strings  - http://www.rlmueller.net/LDAP_Binding.htm
      '  WinNT binding strings - http://www.rlmueller.net/WinNT_Binding.htm
      '  WinNT vs LDAP         - http://www.rlmueller.net/WinNT_LDAP.htm
      \Rems
      Last edited by Rems; 28th December 2007, 12:57. Reason: Added: objShell.SendKeys "^" : wscript.sleep 5

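Added example, not part of the thread: the same ADSI ChangePassword call Rems uses in #2 (bind with the user's own credentials in the untrusted domain, then IADsUser::ChangePassword), the Domain\Username prompt and checks from #3, and the ADSI error numbers that #2 says you have to look up yourself, done in PowerShell through System.DirectoryServices. The DC name dc01.company.corp, the subtree search from the domain root and all function names are assumptions of this example and are not from the posts.

```powershell
# Added example, not code from the thread. Assumed (not from the posts): dc01.company.corp
# is a DC of the foreign domain that the workstation can reach on 389/TCP (LDAP), 88/TCP
# (Kerberos) and 445/TCP (SMB, used by ChangePassword's NetUserChangePassword fallback).
# No trust is needed: the user's own company.corp credentials are sent explicitly,
# the workstation's logon token is never used.
Set-StrictMode -Version Latest
Add-Type -AssemblyName System.DirectoryServices

# RFC 4515 escaping: without it a "username" like  x)(objectClass=*  widens the search.
function ConvertTo-LdapFilterValue {
    param([Parameter(Mandatory)][AllowEmptyString()][string]$Value)
    $v = $Value.Replace('\', '\5c')            # backslash first, so added escapes survive
    $v = $v.Replace('*', '\2a').Replace('(', '\28').Replace(')', '\29')
    $v.Replace([string][char]0, '\00')
}

# Same DOMAIN\name checks as the VBScript IsInvalidDomainname / IsInvalidUsername.
function Split-DomainUser {
    param([Parameter(Mandatory)][string]$DomainUser)
    $parts = $DomainUser.Replace('/', '\').Split([char]'\')
    if ($parts.Count -ne 2 -or $parts[0] -eq '' -or $parts[1] -eq '') {
        throw "Enter the account as DOMAIN\username (got '$DomainUser')"
    }
    if ($parts[0] -match '[/\\"\[\]:<>+=;,@!#$%^&(){}|~]') { throw "Invalid domainname: $($parts[0])" }
    if ($parts[1] -match '[/\\"\[\]:<>+=;,@]')           { throw "Invalid username: $($parts[1])" }
    [pscustomobject]@{ Domain = $parts[0]; User = $parts[1] }
}

# ADSI reports Win32/NetAPI failures as HRESULT 0x8007xxxx; the low 16 bits are the
# Win32 status code. These are the ones ChangePassword produces most often.
function Get-AdsiErrorText {
    param([Parameter(Mandatory)][int]$HResult)
    $known = @{
        86   = 'ERROR_INVALID_PASSWORD: the old password is wrong'
        1326 = 'ERROR_LOGON_FAILURE: unknown user name or bad password'
        1327 = 'ERROR_ACCOUNT_RESTRICTION: logon hours / workstation restriction'
        1330 = 'ERROR_PASSWORD_EXPIRED: the old password has expired, the bind failed'
        1331 = 'ERROR_ACCOUNT_DISABLED'
        1355 = 'ERROR_NO_SUCH_DOMAIN: domain not found or no DC reachable'
        1907 = 'ERROR_PASSWORD_MUST_CHANGE'
        1909 = 'ERROR_ACCOUNT_LOCKED_OUT'
        2245 = 'NERR_PasswordTooShort: new password rejected by the domain password policy'
    }
    $hex = '0x{0:X8}' -f $HResult
    if ((($HResult -shr 16) -band 0xFFFF) -ne 0x8007) { return "$hex : unrecognised ADSI error" }
    $code = $HResult -band 0xFFFF
    if ($known.ContainsKey($code)) { return "$hex ($code): $($known[$code])" }
    "$hex ($code): $((New-Object System.ComponentModel.Win32Exception($code)).Message)"
}

function Set-ForeignDomainPassword {
    param(
        [Parameter(Mandatory)][string]$DomainUser,          # 'company.corp\jdoe'
        [Parameter(Mandatory)][string]$DomainController,    # 'dc01.company.corp'
        [Parameter(Mandatory)][securestring]$OldPassword,
        [Parameter(Mandatory)][securestring]$NewPassword
    )
    $acct = Split-DomainUser $DomainUser
    $uid  = "$($acct.Domain)\$($acct.User)"
    # ADSI wants plain text; the plain copies live only inside this function.
    $old  = (New-Object System.Net.NetworkCredential('', $OldPassword)).Password
    $new  = (New-Object System.Net.NetworkCredential('', $NewPassword)).Password
    $auth = [System.DirectoryServices.AuthenticationTypes]::Secure   # = ADS_SECURE_AUTHENTICATION
    try {
        # Bind with the user's own old credentials and find the account anywhere in the
        # domain (the VBScript loop only sees direct children of one OU).
        $rootDse = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$DomainController/RootDSE", $uid, $old, $auth)
        $baseDn  = $rootDse.Properties['defaultNamingContext'].Value
        $base    = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$DomainController/$baseDn", $uid, $old, $auth)
        $search  = New-Object System.DirectoryServices.DirectorySearcher($base)
        $search.SearchScope = 'Subtree'
        $search.Filter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=$(ConvertTo-LdapFilterValue $acct.User)))"
        $hit = $search.FindOne()
        if (-not $hit) { throw "User $($acct.User) not found under $baseDn" }
        # IADsUser::ChangePassword needs the old password only, no admin rights. Per the
        # ADSI docs it tries LDAP over SSL, then Kerberos, then NetUserChangePassword.
        [void]$hit.GetDirectoryEntry().Invoke('ChangePassword', @($old, $new))
        "Password changed for $uid"
    }
    catch {
        $ex = $_.Exception
        while ($ex -and $ex -isnot [System.Runtime.InteropServices.COMException]) { $ex = $ex.InnerException }
        if ($ex) { throw (Get-AdsiErrorText $ex.ErrorCode) }
        throw
    }
}

# Interactive use, the console equivalent of the IE prompt box in the VBScript above.
$who  = Read-Host 'Domain\Username (company.corp account)'
$old  = Read-Host 'Old password' -AsSecureString
$new1 = Read-Host 'New password' -AsSecureString
$new2 = Read-Host 'Confirm new password' -AsSecureString
if ((New-Object System.Net.NetworkCredential('', $new1)).Password -cne
    (New-Object System.Net.NetworkCredential('', $new2)).Password) {
    throw 'The re-entered password did not match'
}
Set-ForeignDomainPassword -DomainUser $who -DomainController 'dc01.company.corp' -OldPassword $old -NewPassword $new1
```

Two caveats a practitioner should keep in mind. The bind itself uses the old password, so an account whose password has already expired fails at the bind step (ERROR_PASSWORD_EXPIRED) before ChangePassword is ever reached; the IISADMPWD page from #2 does not have that limitation because the change runs on the IIS server. And because every wrong attempt comes back as a distinct, precise error number (that is what #2 means by "a tool used for dictionary attacks"), anything that exposes this to many users should rate-limit per account and rely on the foreign domain's lockout policy rather than retry silently.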