Script to reset passwords through Active Directory


  • I was wondering if someone could help me. The code below works perfectly when run on an internal server, but when I put it on a server on the DMZ, the “reset password” section below doesn’t work (everything else does). Port 389 is open in our firewall and I have set anonymous access for this page to an admin account. Active Directory is even installed on the server. Do you have any suggestions? If I write out objUser.IsAccountLocked, it writes "False", so the "getObject" seems to work; it just will not reset the password for me (or set "User must change password at next logon"). It also writes out the correct strDN. Thanks! Here is the code:


    ' AD lookup based on first and last name
    Set objConnection = CreateObject("ADODB.Connection")
    Set objCommand = CreateObject("ADODB.Command")
    objConnection.Provider = "ADsDSOObject"
    objConnection.Open "Active Directory Provider"
    Set objCommand.ActiveConnection = objConnection
    objCommand.CommandText = _
        "SELECT distinguishedName FROM 'LDAP://dc=mydomain,dc=com' WHERE objectCategory='user' " & _
            "AND givenName='" & fname & "' AND sn='" & lname & "'"
    Set objRecordSet = objCommand.Execute
    Do Until objRecordSet.EOF
        strDN = objRecordSet.Fields("distinguishedName").Value
        '---------get user--------
        Set objUser = GetObject("LDAP://" & strDN)
        '---------check if disabled--------
        If objUser.AccountDisabled = False Then
            '---------reset password--------
            zpassword = "newpassword"
            objUser.SetPassword zpassword
            objUser.IsAccountLocked = False
            ' pwdLastSet = 0 forces "User must change password at next logon"
            objUser.Put "pwdLastSet", 0
            ' Property changes stay in the local cache until SetInfo writes them to the directory
            objUser.SetInfo
        End If
        Set objUser = Nothing
        ' Advance to the next match; without this the loop never ends
        objRecordSet.MoveNext
    Loop

  Tuesday, September 15, 2009 7:05 PM
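
The script in the post builds its directory query from `fname` and `lname` and resets the password of every account the query returns. The following is an added example, not part of the original post: it checks both values against an allow-list before they reach the query and returns a distinguished name only when exactly one user matches. The function names `IsSafeNamePart` and `ResolveSingleUserDN` and the allow-list pattern are assumptions made for illustration.

```vbscript
Option Explicit

' Allow-list for a name part: letters, spaces and hyphens, 1 to 64 characters.
' The pattern is an assumption; it rejects quotes, wildcards and parentheses,
' so names such as O'Brien need a deliberate, reviewed extension.
Function IsSafeNamePart(value)
    Dim re
    Set re = New RegExp
    re.Pattern = "^[A-Za-z][A-Za-z \-]{0,63}$"
    IsSafeNamePart = re.Test("" & value)
End Function

' Returns the distinguishedName when exactly one user matches, otherwise "".
Function ResolveSingleUserDN(fname, lname)
    Dim conn, cmd, rs, dn, matches
    ResolveSingleUserDN = ""

    ' Refuse to build the query from input that fails the allow-list
    If Not (IsSafeNamePart(fname) And IsSafeNamePart(lname)) Then Exit Function

    Set conn = CreateObject("ADODB.Connection")
    conn.Provider = "ADsDSOObject"
    conn.Open "Active Directory Provider"
    Set cmd = CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandText = _
        "SELECT distinguishedName FROM 'LDAP://dc=mydomain,dc=com' " & _
        "WHERE objectCategory='user' " & _
        "AND givenName='" & fname & "' AND sn='" & lname & "'"
    Set rs = cmd.Execute

    ' Count the matches instead of acting on each one as it is read
    matches = 0
    Do Until rs.EOF
        matches = matches + 1
        dn = rs.Fields("distinguishedName").Value
        rs.MoveNext
    Loop
    rs.Close
    conn.Close

    ' Zero matches or several matches: the caller must not reset anything
    If matches = 1 Then ResolveSingleUserDN = dn
End Function
```

A caller would run the reset steps only when `ResolveSingleUserDN` returns a non-empty string, and log the rejected or ambiguous requests for review.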