Domain Password Reset

  • Question

  • I have a .vbs file that I use to reset domain user passwords.  Until we installed a new server running Server 2008 it worked well; it still works for admins, but not for the general staff.  I am at a loss as to why it works for me but not for anyone else.  This is the error message I get:

     
    line: 32
    char: 6
    Error: General Access Denied Error

    Code: 800700005
    Source: Active Directory

    This is the script I use.
    Option Explicit

    '
    ' Subroutines
    '

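    Sub UsageText
         ' Prints the command-line help text and ends the script.
         ' Callers in this file use it for a switch with no value and for an
         ' empty or cancelled prompt; WScript.Quit means nothing runs after it.
         '
         ' NOTE(review): the -p switch places the new password on the command
         ' line, where it can be captured by process command-line auditing and
         ' shell history. Prefer the interactive prompt for real resets.
         Dim strMessage

         strMessage = WScript.ScriptName & " changes the Password for a given Username. If no " & VbCrLf
         ' Fixed wording: the original text read "the the command line an inbox box".
         strMessage = strMessage & "password is entered on the command line an input box " & VbCrLf
         strMessage = strMessage & "will request them" & VbCrLf & VbCrLf
         strMessage = strMessage & "Usage:" & VbCrLf & VbCrLf
         strMessage = strMessage & "cscript " & WScript.ScriptName & " [-u <Username>] [-p <Password>]" & VbCrLf
         strMessage = strMessage & VbCrLf
         strMessage = strMessage & VbTab & "-u - Username (sAMAccountName) of Account to alter" & VbCrLf
         strMessage = strMessage & VbTab & "-p - New Password to set" & VbCrLf
         WScript.Echo strMessage
         WScript.Quit
    End Sub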

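    Sub SortArgv
         ' Reads "-u <Username>" and "-p <Password>" from the command line into
         ' the script-level strUserName / strPassword, then prompts with an
         ' InputBox for whichever is still empty. Calls UsageText (which ends
         ' the script) when a switch has no value or a prompt is left empty.
         '
         ' NOTE(review): InputBox does not mask what is typed, so the new
         ' password is visible on screen, and a password given with -p is
         ' visible in the process command line. Use a generated one-time value
         ' and rely on the forced change at next logon.

         Dim objArgv
         Dim strArgv
         Dim i, intUserName, intPassword
         Dim booUserName, booPassword

         booUserName = False : booPassword = False
         i = 0 : intUserName = 0 : intPassword = 0

         Set objArgv = WScript.Arguments
         ' Switches are only parsed when at least two arguments are present.
         If objArgv.Count > 1 Then
              For Each strArgv In objArgv
                   ' i is advanced before the comparison, so on a match it is
                   ' already the zero-based index of the argument that follows
                   ' the switch.
                   i = i + 1
                   Select Case LCase(strArgv)
                        Case "-u"
                             booUserName = True
                             intUserName = i
                        Case "-p"
                             booPassword = True
                             intPassword = i
                   End Select
              Next
         End If

         ' Fix: the arguments collection is zero-based, so the value index must
         ' be strictly less than Count. The original "Count < index" test could
         ' never be true, and a trailing switch with no value raised a
         ' subscript error instead of showing the usage text.
         If booUserName = True And objArgv.Count <= intUserName Then
              UsageText
         ElseIf booUserName = True Then
              strUserName = objArgv(intUserName)
         End If
         If booPassword = True And objArgv.Count <= intPassword Then
              UsageText
         ElseIf booPassword = True Then
              strPassword = objArgv(intPassword)
         End If
         Set objArgv = Nothing

         ' Fall back to interactive prompts for anything not supplied.
         If booUserName = False And strUserName = "" Then
              strUserName = InputBox("Please Enter the Student logon name", "Enter Student Logon Name")
              If strUserName = "" Then
                   UsageText
              End If
         End If
         If strPassword = "" Then
              strPassword = InputBox("Please Enter the Password to Set for " & strUserName, "Enter Password")
              If strPassword = "" Then
                   UsageText
              End If
         End If
    End Sub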

    Function GetUserDN(strUserName)
         ' Translates a logon name into a distinguished name with the
         ' NameTranslate object.
         '
         ' strUserName - logon name; it is prefixed with the domain of the
         '               account running the script (WScript.Network.UserDomain)
         '               to form an NT4-style DOMAIN\name.
         ' Returns     - the distinguished name, or an unassigned value (which
         '               compares equal to "") when any step fails, because
         '               errors are suppressed for the whole lookup.
         Const ADS_NAME_INITTYPE_GC = 3
         Const ADS_NAME_TYPE_1779 = 1
         Const ADS_NAME_TYPE_NT4 = 3

         Dim objNet, objTranslator
         Dim strDomain, strNT4Name

         ' Failures are not reported here; the caller checks for an empty result.
         On Error Resume Next
         Set objTranslator = CreateObject("NameTranslate")
         Set objNet = CreateObject("WScript.Network")

         strDomain = objNet.UserDomain
         strNT4Name = strDomain & "\" & strUserName

         objTranslator.Init ADS_NAME_INITTYPE_GC, ""
         objTranslator.Set ADS_NAME_TYPE_NT4, strNT4Name
         ' Assigning straight to the function name leaves the result
         ' unassigned if the translation raises an error.
         GetUserDN = objTranslator.Get(ADS_NAME_TYPE_1779)

         Set objTranslator = Nothing
         Set objNet = Nothing
         On Error Goto 0
    End Function

    '
    ' Main Code Section
    '

    ' Global Variables

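    Dim objUser
    Dim strUserName, strPassword, strUserDN, strDisplayName
    Dim intResponse

    ' Collect the target logon name and the new password (arguments or prompts).
    SortArgv

    strUserDN = GetUserDN(strUserName)

    If strUserDN = "" Then
         WScript.Echo "User Not Found"
         WScript.Quit
    End If

    ' The bind uses the credentials of whoever runs the script. Every write
    ' below (unlock, displayName, SetPassword, pwdLastSet) therefore needs that
    ' account to hold the matching right on the target user object; without it
    ' ADSI raises an access-denied error.
    ' Fix: a "/" inside a distinguished name must be escaped in an ADsPath,
    ' where an unescaped "/" is read as a path separator.
    Set objUser = GetObject("LDAP://" & Replace(strUserDN, "/", "\/"))

    ' NOTE(review): this unlock and the displayName write further down happen
    ' before the operator confirms the identity, so answering No still leaves
    ' those changes in the directory. Consider moving them after the prompt.
    If objUser.IsAccountLocked = True Then
         objUser.IsAccountLocked = False
         objUser.SetInfo
         WScript.Echo "Account has been Unlocked"
    End If

    ' displayName may be unset; reading it then raises an error, so the read is
    ' guarded and the empty default is kept.
    On Error Resume Next
    strDisplayName = "" : strDisplayName = objUser.Get("displayName")
    On Error Goto 0

    If strDisplayName = "" Then
         ' No display name on the account: the logon name is written back as one.
         strDisplayName = strUserName
         objUser.Put "displayName", strDisplayName
         objUser.SetInfo
    End If

    intResponse = MsgBox("Is the student's real name " & strDisplayName & VbCrLf & VbCrLf &_
         "If you answer YES the user's password will be reset and set to Change at Next Logon.", _
         VbYesNo ,"Check student Name" & VbCrLf)

    If intResponse <> VbYes Then
         WScript.Echo "Password was not changed"
         WScript.Quit
    End If

    On Error Resume Next
    Err.Clear
    objUser.SetPassword strPassword
    If Err.Number <> 0 Then
         ' Fix: report the real error instead of a fixed "permission denied"
         ' text, so a rights problem can be told apart from a password-policy
         ' rejection, and stop here instead of forcing a change at next logon
         ' on a password that was never set.
         WScript.Echo "Password not changed. Error 0x" & Hex(Err.Number) & ": " & Err.Description & _
              VbCrLf & VbCrLf & "The new password must contain at least 8 " & _
              "letters/numbers/symbols" & VbCrLf & "& may not have been used previously." & _
              VbCrLf & "An access denied error means this account lacks the right to reset the password."
         On Error Goto 0
         Set objUser = Nothing
         WScript.Quit
    End If
    WScript.Echo "Password was changed successfully"

    ' pwdLastSet = 0 forces a change at next logon. Fix: the result of this
    ' write is now checked; it used to fail silently, leaving the
    ' operator-chosen password in place with no forced change.
    Err.Clear
    objUser.Put "pwdLastSet", 0
    objUser.SetInfo
    If Err.Number <> 0 Then
         WScript.Echo "WARNING: Change at Next Logon could not be set. Error 0x" & _
              Hex(Err.Number) & ": " & Err.Description
    End If
    On Error Goto 0

    Set objUser = Nothing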

     

    Tuesday, June 9, 2009 2:19 AM

Answers