force user to change password on next logon

We have a single-domain Windows Server 2003 AD environment. I need to force users to change password on next logon in a single OU. I have a script that works with an OU at the top of the hierarchy but not with nested OUs. See the script below:

' PwdLastSet .vbs
' VBScript to force a user to change password at next logon
' --------------------------------------------------------------' 

Option Explicit
Dim objOU, objUser, objRootDSE
Dim strContainer, strDNSDomain
Dim intCounter, intPwdValue

' Bind to Active Directory Domain
Set objRootDSE = GetObject("LDAP://RootDSE") 
strDNSDomain = objRootDSE.Get("DefaultNamingContext") 

' -------------------------------------------------------------'
' Important change OU= to reflect your domain
' -------------------------------------------------------------'

strContainer = "OU=XXXX Rica,OU=XXXX, "
strContainer = strContainer & strDNSDomain

intCounter = 0

' Here we force a change of password at next logon
intPwdValue = 0

' Loop through OU=, resetting all user accounts
set objOU =GetObject("LDAP://" & strContainer )
For Each objUser In objOU
   If objUser.Class = "user" Then
      objUser.Put "PwdLastSet", intPwdValue
      objUser.SetInfo
      ' Count only the accounts that were actually changed
      intCounter = intCounter + 1
   End If
Next

' Optional section to record how many accounts have been set
WScript.Echo "PwdLastSet = " & intPwdValue _
& vbCr & "Accounts changed = " & intCounter
WScript.Quit 

' End of Sample PwdLastSet VBScript




Hitesh
12/9/2009 1:26:54 AM

"Hitesh Hansalia" wrote in message 
news:2009128202651hitesh@glidewelldental.com...
> We have a single-domain Windows Server 2003 AD environment. I need to force
> users to change password on next logon in a single OU. I have a script that
> works with an OU at the top of the hierarchy but not with nested
> OUs. See the script below:
>
> ' PwdLastSet .vbs
> ' VBScript to force a user to change password at next logon
> ' --------------------------------------------------------------'
>
> Option Explicit
> Dim objOU, objUser, objRootDSE
> Dim strContainer, strDNSDomain
> Dim intCounter, intPwdValue
>
> ' Bind to Active Directory Domain
> Set objRootDSE = GetObject("LDAP://RootDSE")
> strDNSDomain = objRootDSE.Get("DefaultNamingContext")
>
> ' -------------------------------------------------------------'
> ' Important change OU= to reflect your domain
> ' -------------------------------------------------------------'
>
> strContainer = "OU=XXXX Rica,OU=XXXX, "
> strContainer = strContainer & strDNSDomain
>
> intCounter = 0
>
> ' Here we force a change of password at next logon
> intPwdValue = 0
>
> ' Loop through OU=, resetting all user accounts
> set objOU =GetObject("LDAP://" & strContainer )
> For Each objUser In objOU
>   If objUser.Class = "user" Then
>      objUser.Put "PwdLastSet", intPwdValue
>      objUser.SetInfo
>      ' Count only the accounts that were actually changed
>      intCounter = intCounter + 1
>   End If
> Next
>
> ' Optional section to record how many accounts have been set
> WScript.Echo "PwdLastSet = " & intPwdValue _
> & vbCr & "Accounts changed = " & intCounter
> WScript.Quit
>
> ' End of Sample PwdLastSet VBScript
>

You can use a recursive subroutine to handle nested OU's. For example (not 
tested):
============
Option Explicit
Dim strOU, objOU, intCounter

' Specify the parent (top level) OU.
strOU = "ou=West,dc=MyDomain,dc=com"

' Bind to the parent OU.
Set objOU = GetObject("LDAP://" & strOU)

' Variable intCounter has global scope.
intCounter = 0
Call EnumOU(objOU)

Wscript.Echo "Accounts changed: " & CStr(intCounter)

Sub EnumOU(ByVal objParent)
    ' Recursive subroutine to process all users in an OU
    ' and all sub OU's.

    Dim objUser, objChild

    ' Enumerate all users in the OU.
    objParent.Filter = Array("user")
    For Each objUser In objParent
        ' Skip computer objects.
        If (objUser.Class = "user") Then
            objUser.Put "pwdLastSet", 0
            objUser.SetInfo
            intCounter = intCounter + 1
        End If
    Next

    ' Enumerate all child OU's.
    objParent.Filter = Array("organizationalUnit")
    For Each objChild In objParent
        Call EnumOU(objChild)
    Next
End Sub

-- 
Richard Mueller
MVP Directory Services
Hilltop Lab - http://www.rlmueller.net
-- 


Richard
12/9/2009 2:53:59 AM
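
An alternative to the recursive walk, added here as an example (not code from either poster): a single ADO subtree search returns users at every OU depth, and a dry-run switch lets the list be reviewed before any account is modified. The base OU ou=West follows the reply's sample; the DRY_RUN constant and the choice to skip accounts flagged password-never-expires (commonly service accounts) are assumptions of this example.

```vbscript
Option Explicit
' Assumption: set to False only after reviewing the dry-run output.
Const DRY_RUN = True
' ADS_UF_DONT_EXPIRE_PASSWD (0x10000), tested with the bitwise-AND matching rule.
Const NEVER_EXPIRES = "(userAccountControl:1.2.840.113556.1.4.803:=65536)"

Dim objRootDSE, strDNSDomain, strBase, strFilter
Dim adoConnection, adoCommand, adoRecordset
Dim objUser, strDN, intChanged, intFailed

Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("defaultNamingContext")

' Base of the search; "subtree" scope below covers all nested OUs.
strBase = "<LDAP://ou=West," & strDNSDomain & ">"
' User accounts only (objectCategory=person excludes computers).
strFilter = "(&(objectCategory=person)(objectClass=user)(!" & NEVER_EXPIRES & "))"

Set adoConnection = CreateObject("ADODB.Connection")
adoConnection.Provider = "ADsDSOObject"
adoConnection.Open "Active Directory Provider"
Set adoCommand = CreateObject("ADODB.Command")
Set adoCommand.ActiveConnection = adoConnection
adoCommand.CommandText = strBase & ";" & strFilter & ";distinguishedName;subtree"
adoCommand.Properties("Page Size") = 200   ' paging avoids the 1000-row limit
adoCommand.Properties("Cache Results") = False

Set adoRecordset = adoCommand.Execute
intChanged = 0
intFailed = 0
Do Until adoRecordset.EOF
    strDN = adoRecordset.Fields("distinguishedName").Value
    If DRY_RUN Then
        WScript.Echo "Would expire password: " & strDN
    Else
        ' A "/" in a DN must be escaped before it is used in an ADsPath.
        Set objUser = GetObject("LDAP://" & Replace(strDN, "/", "\/"))
        objUser.Put "pwdLastSet", 0
        On Error Resume Next
        objUser.SetInfo
        If Err.Number = 0 Then
            intChanged = intChanged + 1
            WScript.Echo "Changed: " & strDN
        Else
            intFailed = intFailed + 1
            WScript.Echo "FAILED (0x" & Hex(Err.Number) & "): " & strDN
        End If
        Err.Clear
        On Error GoTo 0
    End If
    adoRecordset.MoveNext
Loop
adoRecordset.Close
adoConnection.Close

WScript.Echo "Accounts changed: " & intChanged & ", failed: " & intFailed
```

Run it with cscript so each line goes to the console, and redirect the output to a file to keep a record of which accounts were touched.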