' ResetPassword.vbs
' VBScript program to reset the password for a user.
' The program also enables the account and expires the password.
' User must pass the NT Logon Name (sAMAccountName) of the user
' and the new password as arguments. User must have administrative
' privileges. The client must be able to make an SSL connection to
' the Domain Controller.
'
' ----------------------------------------------------------------------
' Copyright (c) 2003-2010 Richard L. Mueller
' Hilltop Lab web site - http://www.rlmueller.net
' Version 1.0 - March 3, 2003
' Version 1.1 - April 18, 2003 - Remove trailing backslash from
'                                strNetBIOSDomain.
' Version 1.2 - January 25, 2004 - Modify error trapping.
' Version 1.3 - March 18, 2004 - Modify NameTranslate constants.
' Version 1.4 - July 30, 2007 - Escape any "/" characters in User DN.
' Version 1.5 - November 6, 2010 - No need to set objects to Nothing.
'
' You have a royalty-free right to use, modify, reproduce, and
' distribute this script file in any way you find useful, provided that
' you agree that the copyright owner above has no warranty, obligations,
' or liability for such use.

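Option Explicit

Dim objRootDSE, strDNSDomain, objTrans, strNetBIOSDomain
Dim strUserDN, objUser, strPassword, strUserNTName

' Constants for the NameTranslate object.
Const ADS_NAME_INITTYPE_GC = 3
Const ADS_NAME_TYPE_NT4 = 3
Const ADS_NAME_TYPE_1779 = 1

' Process exit codes. A bare "Wscript.Quit" always returns 0, so a calling
' batch file or scheduler could not tell a failed reset from a successful
' one; every error path below now exits with EXIT_FAILURE.
Const EXIT_SUCCESS = 0
Const EXIT_FAILURE = 1

If (Wscript.Arguments.Count <> 2) Then
    Wscript.Echo "Syntax Error. Correct syntax is:"
    Wscript.Echo "cscript ResetPassword.vbs UserNTName NewPassword"
    Wscript.Quit EXIT_FAILURE
End If

strUserNTName = Wscript.Arguments(0)
' The new password arrives on the command line, so it is visible to anyone
' who can read this process's command line and may be kept in shell history
' or scheduler logs. It must never be written back to the console or to any
' log by this script.
strPassword = Wscript.Arguments(1)

' Determine DNS domain name from RootDSE object.
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("defaultNamingContext")

' Use the NameTranslate object to find the NetBIOS domain name from the
' DNS domain name.
Set objTrans = CreateObject("NameTranslate")
objTrans.Init ADS_NAME_INITTYPE_GC, ""
objTrans.Set ADS_NAME_TYPE_1779, strDNSDomain
strNetBIOSDomain = objTrans.Get(ADS_NAME_TYPE_NT4)
' NameTranslate returns the NetBIOS name with a trailing backslash; remove
' it so the name can be joined with the user name below. Guarded so an
' unexpected value without the backslash is not truncated.
If (Right(strNetBIOSDomain, 1) = "\") Then
    strNetBIOSDomain = Left(strNetBIOSDomain, Len(strNetBIOSDomain) - 1)
End If

' Use the NameTranslate object to convert the NT user name to the
' Distinguished Name required for the LDAP provider.
On Error Resume Next
objTrans.Set ADS_NAME_TYPE_NT4, strNetBIOSDomain & "\" & strUserNTName
If (Err.Number <> 0) Then
    On Error GoTo 0
    AbortRun "User " & strUserNTName & " not found in Active Directory"
End If
strUserDN = objTrans.Get(ADS_NAME_TYPE_1779)
' Escape any forward slash characters, "/", with the backslash
' escape character. All other characters that should be escaped are.
strUserDN = Replace(strUserDN, "/", "\/")

' Bind to the user object in Active Directory with the LDAP provider.
' Error trapping is still active from the name translation above.
Set objUser = GetObject("LDAP://" & strUserDN)
If (Err.Number <> 0) Then
    On Error GoTo 0
    AbortRun "User " & strUserNTName & " not found in Active Directory"
End If

' SetPassword needs a secure channel to the Domain Controller (see the SSL
' note in the header). On failure the candidate password is NOT echoed:
' the previous version printed it, which put the secret into the console
' transcript and any captured output.
objUser.SetPassword strPassword
If (Err.Number <> 0) Then
    On Error GoTo 0
    Wscript.Echo "Password NOT reset for " & strUserNTName
    Wscript.Echo "The new password may not be allowed by domain policy, or"
    Wscript.Echo "this client may not support a SSL connection."
    AbortRun "Password reset failed (error " & Hex(Err.Number) & ")"
End If

' Password accepted. Enable the account and force a change at next logon
' (pwdLastSet = 0 marks the password as expired). Clear Err before the
' property writes so that an error raised by any of the three statements
' is caught by the single check after SetInfo.
Err.Clear
objUser.AccountDisabled = False
objUser.Put "pwdLastSet", 0
objUser.SetInfo
If (Err.Number <> 0) Then
    On Error GoTo 0
    Wscript.Echo "Password reset for " & strUserNTName
    Wscript.Echo "But, unable to enable account or expire password"
    Wscript.Quit EXIT_FAILURE
End If
On Error GoTo 0

Wscript.Echo "Password reset, account enabled,"
Wscript.Echo "and password expired for user " & strUserNTName
Wscript.Quit EXIT_SUCCESS

' Report a fatal error on the console and exit with a non-zero code.
' strMessage: text to print before the "Program aborted" line. Callers
' must not pass strPassword or anything derived from it.
Sub AbortRun(strMessage)
    Wscript.Echo strMessage
    Wscript.Echo "Program aborted"
    Wscript.Quit EXIT_FAILURE
End Sub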