Passwords
I have over 120 user IDs in AD that don't have passwords. I was given a spreadsheet of what those passwords will be for each ID.
What is the best way to handle this?
Thank you
All Replies
- I have an example VBScript program that sets the passwords for users according to the informaion in an Excel spreadsheet linked here:
http://www.rlmueller.net/Set%20Passwords%203.htm
The first column of the spreadsheet should be the Distinguished Names of the users. The second column should be the new password. If your spreadsheet has the "pre-Windows 2000 logon" names, then either you must change this to the Distinguished Name, or revise the program to use the NameTranslate object to convert the "pre-Windows 2000 logon" names into Distinguished Names. See this link for how to do that:
http://www.rlmueller.net/NameTranslateFAQ.htm
I hope this helps.
Richard Mueller
MVP ADSI - Hi Richard and thank you for your response. I'm very new to VB... I have tried to modify the get users program and run your script a few times and it keeps failing on my. I'm going to name my script Test.VBS and to recreate the excel info is as follows c:\dn\usersdn.xls
Than I will try and run the set passwords script - I think you might be trying to use the program CreateUserList3.vbs from my web site. The program requires that a parameter be supplied, which is the name and path of the spreadsheet to be created. To run it and create an Excel spreadsheet with the Distinguished Names of all users, use the following command at a command prompt:
cscript CreateUserList3.vbs c:\dn\usersdn.xls
This assumes that the file CreateUserList3.vbs is in the current folder. You need to download the file CreateUserList3.txt and rename it to CreateUserList3.vbs (or whatever name you like, but it must have *.vbs extension). Because the program requires the parameter, you need to run it at a command prompt using the cscript host. You should first navigate to the folder where the *.vbs file is saved. I hope this helps.
Richard Mueller
MVP ADSI - Hi Richard and thank you. So how does it know where to grab the IDs from.
Lets say for example this is the path of my users.
The IDs reside in OU=test,DC=program,dc=us
Also,c an I run this my my xp machine or should I run it from one of the domain controllers I open Active Directory Users and Computers from? You can run the scripts from any computer that is joined to the domain (older clients like Windows 95/98 and NT would require that DSClient be installed). If all of the users you want to deal with are in the "OU=Test" organizational unit, then you can code a script to enumerate all users in the OU. You would simply make the DN of that OU the base of the ADO search query. For example, you can use the program CreateUserList3.vbs on my web site. As written, it enumerates all users in the domain and writes their Distinguished Names to a spreadsheet. You would change this statement in the program:
strQuery = "<LDAP://" & strDNSDomain & ">;" & strFilter _
& ";distinguishedName;subtree"
to this:
strQuery = "<LDAP://ou=Test,dc=program,dc=us>;" & strFilter _
& ";distinguishedName;subtree"
The first clause of the LDAP syntax ADO query is the "base" of the query. The query now will only return values for user objects in the base. The filter clause (the value of the variable strFilter) restricts the recordset to user objects.Once the spreadsheet is created, you can add a second column for the password values and use the spreadsheet with the program SetPasswords3.vbs on my web site.
The nice thing about spreadsheets is that you can modify them for your needs, removing rows for users that should not have their passwords changed, adding users, etc. You can also break up the spreadsheet into several smaller ones, so you can test the script with a few users, then run the program again for the remaining users. I hope this helps.
Richard Mueller
MVP ADSI- Ok, I have my spreadsheet.
In column 1 I have a list of all the distinguished names. EX: CN=John Doe,OU=test,DC=one,dc=com
In column 2 I have a list of all the passwords
What would you advise next? - Now you can run the program SetPWForUserList3.vbs from my web site at this link:
http://www.rlmueller.net/Set%20Passwords%203.htm
When you download or copy the file SetPWForUserList3.txt, rename it to *.vbs, then run it at a command prompt using the cscript.exe program. You must pass the name of the spreadsheet as a parameter to the program. For example, if the spreadsheet is called Users.xls, and both the spreadsheet and the program SetPWForUserList3.vbs are in the same folder, then at a command prompt navigate to this folder and run the command:
cscript SetPWForUserList3.vbs Users.xls
The only other requirement I can think of is that a header line is expected in the spreadsheet, so the first line is skipped by the program. The program will read the Distinguished Name and password from each row of the spreadsheet, bind to the corresponding user object, set the password (read from the same row), enable the account, and then require the user to change their password the next time they logon. I hope this helps. You must have permissions to set passwords in the domain, but the script can be run from any computer that is joined to the domain.
Richard Mueller
MVP ADSI
