Announcement

Collapse
No announcement yet.

Changing a Users AD Password

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Changing a Users AD Password

    Hello,

    I have searched and searched for a solution to allow an end user to change his/her active directory (AD) password. For the process I am implementing, I need the (non-domain-administrator) to be able to change their AD password.

    I could also call some command line tool to accomplish this as well.

    Everything I found (script, powershell, NET USER /domain, cusrmgr.exe) requires the domain administrator credentials, or only change the local workstation account (pspasswd), not the AD account.

    Is the only way an Active Directory end-user can change his/her password is CNTL+ALT+DEL > "Change Password"?

    Thanks,
    Corey

  • #2
    Re: Changing a Users AD Password

    CTRL+ALT+DEL is the easy way, sure. There's other programs that can tie in to AD, but here's the question: Why don't you want to use CTRL+ALT+DEL?
    ** Remember to give credit where credit is due and leave reputation points where appropriate **

    Comment


    • #3
      Re: Changing a Users AD Password

      I am constructing a Script for my organization to Join a workstation to a Domain. We are currently primarily a Novell Environment still. However Active Directory's presence is growing (and may soon replace Novell) due to market forces and support.

      So the Script goes out and finds a newly created AD user (with a temporary password assigned) and then Joins the workstation to the domain based on DN of the user. I would like to change the User's password to match their Novell Password (user would be prompted for it in script). So when the PC comes back up from all the work the script does, it would be as simple as them logging in normally. So anything that I can call, in a Script, to change a password would work, but CTRL+ALT+DEL won't because you can't even capture that with keystrokes.

      This would simplify things for our non-technical end users to understand they have to enter 1st their Novell Password, then a separate password for AD, then change that AD password. Then understand all the complexities of this password management.

      Long term, we are implementing Directory sync, but its a little ways off, and we need this script soon.

      Thanks,
      Corey

      Comment


      • #4
        Re: Changing a Users AD Password

        The difference between 'Changing a password' and 'Reset a password' is that for the first you have to use the old password to be able to set the new password...

        What the script that you have is trying to do is in fact a Reset of the user's password. Therefore you should edit the permissions on the user objects first (set the interface view to Advanced / open the properties of the objec / go to the security tab / ADD the reset password permissions to SELF)

        /Rems

        This posting is provided "AS IS" with no warranties, and confers no rights.

        __________________

        ** Remember to give credit where credit's due **
        and leave Reputation Points for meaningful posts

        Comment


        • #5
          Re: Changing a Users AD Password

          I did get that thought kinda from some of my other reading. Thanks for clearing that up.

          I would have to sell this to our AD Administrators to change this permission (which may or may not happen). What are the ramifications of making this permission change?

          Are there no Scripts/ Command line utilities to then "Change" a password instead of "reset" it? I know the default old password (same password for all new user accounts created). That piece of script/utility is what I am truly looking for...

          Thanks for the quick reply!

          Corey

          Comment


          • #6
            Re: Changing a Users AD Password

            Set a password by script:
            objUser.SetPassword("newpassword")

            To Change password by script:
            objUser.ChangePassword "currentpassword", "newpassword"

            So the dialogbox that you create should ask for both the old and for a new password.
            (note, when 'changing' password all password policy settings for the domain are effective, including the minimum age and password history).

            To determine the user's DN in Active Directory:
            Set objSysInfo = CreateObject("ADSystemInfo")
            strUserDN = objSysInfo.UserName



            /Rems

            This posting is provided "AS IS" with no warranties, and confers no rights.

            __________________

            ** Remember to give credit where credit's due **
            and leave Reputation Points for meaningful posts

            Comment

            Working...
            X