Changing a Users AD Password

Home Forums Scripting Windows Script Host Changing a Users AD Password

This topic contains 5 replies, has 4 voices, and was last updated by Avatar Stewey 8 years, 1 month ago.

Viewing 6 posts - 1 through 6 (of 6 total)
  • Author
    Posts
  • Avatar
    Coreman76
    Member
    #155910

    Hello,

    I have searched and searched for a solution to allow an end user to change his/her active directory (AD) password. For the process I am implementing, I need the (non-domain-administrator) to be able to change their AD password.

    I could also call some command line tool to accomplish this as well.

    Everything I found (script, powershell, NET USER /domain, cusrmgr.exe) requires the domain administrator credentials, or only change the local workstation account (pspasswd), not the AD account.

    Is the way an Active Directory end-user can change his/her password is CNTL+ALT+DEL > “Change Password”?

    Thanks,
    Corey

    Avatar
    Wired
    Moderator
    #274222

    Re: Changing a Users AD Password

    CTRL+ALT+DEL is the easy way, sure. There’s other programs that can tie in to AD, but here’s the question: Why don’t you want to use CTRL+ALT+DEL?

    Avatar
    Stewey
    Member
    #383122

    Re: Changing a Users AD Password

    I am constructing a Script for my organization to Join a workstation to a Domain. We are currently primarily a Novell Environment still. However Active Directory’s presence is growing (and may soon replace Novell) due to market forces and support.

    So the Script goes out and finds a newly created AD user (with a temporary password assigned) and then Joins the workstation to the domain based on DN of the user. I would like to change the User’s password to match their Novell Password (user would be prompted for it in script). So when the PC comes back up from all the work the script does, it would be as simple as them logging in normally. So anything that I can call, in a Script, to change a password would work, but CTRL+ALT+DEL won’t because you can’t even capture that with keystrokes.

    This would simplify things for our non-technical end users to understand they have to enter 1st their Novell Password, then a separate password for AD, then change that AD password. Then understand all the complexities of this password management.

    Long term, we are implementing Directory sync, but its a little ways off, and we need this script soon.

    Thanks,
    Corey

    Rems
    Rems
    Moderator
    #228042

    Re: Changing a Users AD Password

    The difference between ‘Changing a password’ and ‘Reset a password’ is that for the first you have to use the old password to be able to set the new password…

    What the script that you have is trying to do is in fact a Reset of the user’s password. Therefore you should edit the permissions on the user objects first (set the interface view to Advanced / open the properties of the objec / go to the security tab / ADD the reset password permissions to SELF)

    /Rems

    Avatar
    Stewey
    Member
    #383123

    Re: Changing a Users AD Password

    I did get that thought kinda from some of my other reading. Thanks for clearing that up.

    I would have to sell this to our AD Administrators to change this permission (which may or may not happen). What are the ramifications of making this permission change?

    Are there no Scripts/ Command line utilities to then “Change” a password instead of “reset” it? I know the default old password (same password for all new user accounts created). That piece of script/utility is what I am truly looking for…

    Thanks for the quick reply!

    Corey

    Rems
    Rems
    Moderator
    #228043

    Re: Changing a Users AD Password

    Set a password by script:
    objUser.SetPassword(“newpassword”)

    To Change password by script:
    objUser.ChangePassword “currentpassword”, “newpassword”

    So the dialogbox that you create should ask for both the old and for a new password.
    (note, when ‘changing‘ password all password policy settings for the domain are effective, including the minimum age and password history).

    To determine the user’s DN in Active Directory:
    Set objSysInfo = CreateObject(“ADSystemInfo”)
    strUserDN = objSysInfo.UserName

    /Rems

Viewing 6 posts - 1 through 6 (of 6 total)

You must be logged in to reply to this topic.