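' ResetPassword.vbs
' VBScript program to reset the password for a user.
' The program also enables the account and expires the password.
' User must pass the NT Logon Name (sAMAccountName) of the user
' and the new password as arguments. User must have administrative
' privileges. The client must be able to make a SSL connection to
' the Domain Controller.
'
' Usage: cscript ResetPassword.vbs UserNTName NewPassword
'
' Security notes:
'   - The new password is read from the command line, so it is visible
'     to other users of the client in process listings and may be kept
'     in shell history or in the logs of any wrapper that records its
'     arguments. Run it from an interactive, trusted session.
'   - The script never writes the password back to the console.
'   - The account is re-enabled unconditionally (AccountDisabled = False).
'     Confirm that this is intended before running it against an
'     account that was disabled deliberately.
'   - The script exits with code 1 on any failure so that callers can
'     check ERRORLEVEL.
'
' ----------------------------------------------------------------------
' Copyright (c) 2003-2010 Richard L. Mueller
' Hilltop Lab web site - http://www.rlmueller.net
' Version 1.0 - March 3, 2003
' Version 1.1 - April 18, 2003 - Remove trailing backslash from
' strNetBIOSDomain.
' Version 1.2 - January 25, 2004 - Modify error trapping.
' Version 1.3 - March 18, 2004 - Modify NameTranslate constants.
' Version 1.4 - July 30, 2007 - Escape any "/" characters in User DN.
' Version 1.5 - November 6, 2010 - No need to set objects to Nothing.
'
' You have a royalty-free right to use, modify, reproduce, and
' distribute this script file in any way you find useful, provided that
' you agree that the copyright owner above has no warranty, obligations,
' or liability for such use.

Option Explicit

Dim objRootDSE, strDNSDomain, objTrans, strNetBIOSDomain
Dim strUserDN, objUser, strPassword, strUserNTName

' Constants for the NameTranslate object.
Const ADS_NAME_INITTYPE_GC = 3
Const ADS_NAME_TYPE_NT4 = 3
Const ADS_NAME_TYPE_1779 = 1

' Exactly two arguments are required: the NT logon name and the new password.
If (Wscript.Arguments.Count <> 2) Then
    Wscript.Echo "Syntax Error. Correct syntax is:"
    Wscript.Echo "cscript ResetPassword.vbs UserNTName NewPassword"
    Wscript.Quit 1
End If

strUserNTName = Wscript.Arguments(0)
strPassword = Wscript.Arguments(1)

' Determine DNS domain name from RootDSE object.
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("defaultNamingContext")

' Use the NameTranslate object to find the NetBIOS domain name from the
' DNS domain name.
Set objTrans = CreateObject("NameTranslate")
objTrans.Init ADS_NAME_INITTYPE_GC, ""
objTrans.Set ADS_NAME_TYPE_1779, strDNSDomain
strNetBIOSDomain = objTrans.Get(ADS_NAME_TYPE_NT4)

' Remove trailing backslash. Only strip it when it is actually present,
' so an unexpected empty result cannot produce a negative length for Left.
If (Right(strNetBIOSDomain, 1) = "\") Then
    strNetBIOSDomain = Left(strNetBIOSDomain, Len(strNetBIOSDomain) - 1)
End If

' Use the NameTranslate object to convert the NT user name to the
' Distinguished Name required for the LDAP provider.
On Error Resume Next
objTrans.Set ADS_NAME_TYPE_NT4, strNetBIOSDomain & "\" & strUserNTName
If (Err.Number <> 0) Then
    On Error GoTo 0
    Wscript.Echo "User " & strUserNTName _
        & " not found in Active Directory"
    Wscript.Echo "Program aborted"
    Wscript.Quit 1
End If
strUserDN = objTrans.Get(ADS_NAME_TYPE_1779)

' Escape any forward slash characters, "/", with the backslash
' escape character. All other characters that should be escaped are.
strUserDN = Replace(strUserDN, "/", "\/")

' Bind to the user object in Active Directory with the LDAP provider.
' (Error trapping is still active from the name translation above; a
' failure in objTrans.Get is therefore reported here as "not found".)
Err.Clear
Set objUser = GetObject("LDAP://" & strUserDN)
If (Err.Number <> 0) Then
    On Error GoTo 0
    Wscript.Echo "User " & strUserNTName _
        & " not found in Active Directory"
    Wscript.Echo "Program aborted"
    Wscript.Quit 1
End If

' Reset the password. This is the privileged step and needs a secure
' (SSL / signed) channel to the Domain Controller.
Err.Clear
objUser.SetPassword strPassword
If (Err.Number <> 0) Then
    On Error GoTo 0
    ' Do NOT echo the password here: it would end up in console output,
    ' transcripts and scheduled-task logs.
    Wscript.Echo "Password NOT reset for " & strUserNTName
    Wscript.Echo "The new password may not be allowed by the domain policy, or"
    Wscript.Echo "this client may not support a SSL connection."
    Wscript.Echo "Program aborted"
    Wscript.Quit 1
Else
    ' Clear before the local cache updates, so that an error raised by
    ' either property write is not discarded before SetInfo is checked.
    Err.Clear
    ' Enable the account and force a password change at next logon
    ' (pwdLastSet = 0).
    objUser.AccountDisabled = False
    objUser.Put "pwdLastSet", 0
    objUser.SetInfo
    If (Err.Number <> 0) Then
        On Error GoTo 0
        Wscript.Echo "Password reset for " & strUserNTName
        Wscript.Echo "But, unable to enable account or expire password"
        Wscript.Quit 1
    End If
End If
On Error GoTo 0

Wscript.Echo "Password reset, account enabled,"
Wscript.Echo "and password expired for user " & strUserNTName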