This forum has migrated to Microsoft Q&A. Visit Microsoft Q&A to post new questions.

Remove From My Forums

Domain Password Reset

Question
0

Sign in to vote

I have a .vbs file that I use to reset domain user passwords. Up until we installed a new server running server 2008 it worked well and it still does for admins but not for the general staff. I am at a loss now to try and find out why it works for me but not for anyone else. This is the error message I get.

line: 32
char: 6
Error: General Access Denied Error

Code: 800700005
Source: Active Directory

This is the script I use.
Option Explicit

'
' Subroutines
'

Sub UsageText
     Dim strMessage

     strMessage = WScript.ScriptName & " changes the Password for a given Username. If no " & VbCrLf
     strMessage = strMessage & "password is entered on the the command line an inbox box " & VbCrLf
     strMessage = strMessage & "will request them" & VbCrLf & VbCrLf
     strMessage = strMessage & "Usage:" & VbCrLf & VbCrLf
     strMessage = strMessage & "cscript " & WScript.ScriptName & " [-u <Username>] [-p <Password>]" & VbCrLf
     strMessage = strMessage & VbCrLf
     strMessage = strMessage & VbTab & "-u - Username (sAMAccountName) of Account to alter" & VbCrLf
     strMessage = strMessage & VbTab & "-p - New Password to set" & VbCrLf
     WScript.Echo strMessage
     WScript.Quit
End Sub

Sub SortArgv
     ' Checks the Command line parameters and updates the appropriate fields.

     Dim objArgv
     Dim strArgv
     Dim i, intUserName, intPassword
     Dim booUserName, booPassword

     booUserName = False : booPassword = False
     i = 0 : intUsername = 0 : intPassword = 0

     Set objArgv = WScript.Arguments
     If objArgv.Count > 1 Then
          For Each strArgv in objArgv
               i = i + 1
               If LCase(strArgv) = "-u" Then
                    booUserName = True
                    intUserName = i
               End If
               If LCase(strArgv) = "-p" Then
                    booPassword = True
                    intPassword = i
               End If
          Next
     End If

     If booUserName = True And objArgv.Count < intUserName Then
          UsageText
     ElseIf booUserName = True Then
          strUserName = objArgv(intUserName)
     End If
     If booPassword = True And objArgv.Count < intPassword Then
          UsageText
     ElseIf booPassword = True Then
          strPassword = objArgv(intPassword)
     End If
     Set objArgv = Nothing

     If booUserName = False And strUserName = "" Then
          strUserName = InputBox("Please Enter the Student logon name", "Enter Student Logon Name")
          If strUserName = "" Then
               UsageText
          End If
     End If
     If strPassword = "" Then
          strPassword = InputBox("Please Enter the Password to Set for " & strUserName, "Enter Password")
          If strPassword = "" Then
               UsageText
          End If
     End If
End Sub

Function GetUserDN(strUserName)
     Const ADS_NAME_INITTYPE_GC = 3
     Const ADS_NAME_TYPE_1779 = 1
     Const ADS_NAME_TYPE_NT4 = 3

     Dim objNameTranslate, objNetwork
     Dim strDomain, strUserDN

     On Error Resume Next
     Set objNameTranslate = CreateObject("NameTranslate")
     Set objNetwork = CreateObject("WScript.Network")

     strDomain = objNetwork.UserDomain
     objNameTranslate.Init ADS_NAME_INITTYPE_GC, ""
     objNameTranslate.Set ADS_NAME_TYPE_NT4, strDomain & "\" & strUserName
     strUserDN = objNameTranslate.Get(ADS_NAME_TYPE_1779)

     Set objNameTranslate = Nothing
     Set objNetwork = Nothing
     On Error Goto 0

     GetUserDN = strUserDN
End Function

'
' Main Code Section
'

' Global Variables

Dim objUser
Dim strUserName, strPassword, strUserDN, strDisplayName
Dim intResponse

SortArgv

strUserDN = GetUserDN(strUserName)

If strUserDN = "" Then
     WScript.Echo "User Not Found"
     WScript.Quit
End If

Set objUser = GetObject("LDAP://" & strUserDN)

If objUser.IsAccountLocked = True Then
     objUser.IsAccountLocked = False
     objUser.SetInfo
     WScript.Echo "Account has been Unlocked"
End If

On Error Resume Next
strDisplayName = "" : strDisplayName = objUser.Get("displayName")
On Error Goto 0

If strDisplayName = "" Then
     strDisplayName = strUserName
     objUser.Put "displayName", strDisplayName
     objUser.SetInfo
End If

intResponse = MsgBox("Is the student's real name " & strDisplayName & VbCrLf & VbCrLf &_
     "If you answer YES the user's password will be reset and set to Change at Next Logon.", _
     VbYesNo ,"Check student Name" & VbCrLf)

If intResponse <> VbYes Then
     WScript.Echo "Password was not changed"
     WScript.Quit
End If

On Error Resume Next
Err.Clear
objUser.SetPassword strPassword
If Err.Number = 0 Then
     WScript.Echo "Password was changed successfully"
Else
     WScript.echo "PERMISSION DENIED: Password not changed." &_
     VbCrLf & VbCrLf & "The new password must contain at least 8 " &_
     "letters/numbers/symbols" & VbCrLf & "& may not have been used previously."
End If

objUser.Put "pwdLastSet", 0
objUser.SetInfo

Set objUser = Nothing

Tuesday, June 9, 2009 2:19 AM

Answers

0

Sign in to vote
It is very hard to say what is wrong when the same is executed on the other machine, Can you try one of the debugging techinics that are mentioned @ http://blogs.msdn.com/ie/archive/2004/10/26/247912.aspx ? Can you also try posting the same questions at http://social.technet.microsoft.com/Forums/en-US/winserverPN/threads , here you get only NAP experts ?

Feel free to ask us any questions about NAP :)

Thanks
-RamaSubbu SK
Sorry! Microsoft doesn't own any liability & responsibility for any of my posting.
- Proposed as answer by RamaSubbu SK Tuesday, June 9, 2009 6:42 PM
- Marked as answer by Greg LindsayMicrosoft employee Wednesday, June 24, 2009 8:45 PM
Tuesday, June 9, 2009 6:42 PM