Computer Performance, VBScript

VBScript Change Password

Tutorial for Changing a User Account Password with SetPassword

With VBScript, it is relatively easy to set each user's account to a known password.  You can also configure the account so that once the user authenticates, they must change the known password to a more secure password.  This is a popular script for schools and colleges to run at the start of a year; either for new pupils, or for old lags who have forgotten last term's passwords.

Topics for VBScript Change Password

 ♦

Our Mission and GoalsSetPassword vbscript change user password

Setting the password may be part of a bigger plan, for example, to enable the account and force the user to change their password at next logon.  My mantra is build scripts gradually, one section at a time.  Therefore, once we have mastered the basics in Example 1, we will investigate how to use SetPassword as part of a more powerful VBScript in Example 2.

Example 1 - Script to Change a User's Password

Let us suppose that you want to set the user's account password at next logon.  The heart of the VBScript is a method called .SetPassword.  Applying .SetPassword to the user object has the same effect as setting the password option manually in Active Directory Users and Computers. (.SetInfo is like pressing the OK button)

Prerequisites for VBScript SetPassword

You need access and a working knowledge of Active Directory Users and Computers.  Following my theme of keep it simple, I recommend that you log on as administrator, perferably at a domain controller.  Alternatively, connect to the server with Remote Desktop.  If all else fails, you can try these script on an XP machine as a non-administrator, but why introduce extra complications?  Let us start with some easy successes.

Instructions for Changing a User's Password

  1. You should run this VBScript on a Windows Active Directory domain.
  2. Copy and paste the example script below into notepad or a VBScript editor.
  3. Decide whether to change the OU by editing the value for strContainer.  Of course you need test users in the OU referenced by strContainer.
  4. Save the file with a .vbs extension, for example: SetPassword .vbs.
  5. Double click SetPassword .vbs and check the Users container for strUser.

Sample Script to Change a User's Passwords

 

' SetPassword .vbs
' Sample VBScript Change Password in a named OU.
' Author Guy Thomas http://computerperformance.co.uk/
' Version 2.3 - May 2010
' -----------------------------------------------'
Option Explicit
Dim objOU, objUser, objRootDSE
Dim strContainer, strDNSDomain, strPassword

' Bind to Active Directory Domain
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("DefaultNamingContext")

' -----------------------------------------------'
' Important change OU= to reflect your domain
' -----------------------------------------------'
strContainer = "OU=Accounts, "
strPassword = "P@ssw0rd"
strContainer = strContainer & strDNSDomain

' Loop through OU=, setting passwords for all users
set objOU =GetObject("LDAP://" & strContainer )
For each objUser in objOU
If objUser.class="user" then
objUser.SetPassword strPassword
objUser.SetInfo
End If
Next

WScript.Quit

' End of Example VBScript: SetPassword

Guy Recommends:  SolarWinds' Free Bulk Import ToolFree Download Solarwinds Bulk Import Tool

Import users from a spreadsheet.  Just provide a list of the users with their fields in the top row, and save as .csv file.  Then launch this FREE utility and match your fields with AD's attributes, click and import the users.

Optionally, you can provide the name of the OU where the new accounts will be born. Download your FREE bulk import tool.

If you need more comprehensive software, download a free trial of SAM (Server & Application Monitor)

VBScript Tutorial - Learning Points for VBScript SetPassword

Note 1:  The header section explains the purpose of the script.  Then, I declare three objects, one each for User, OU and DNSDomain.

Note 2:  You probably need to change the strContainer from 'OU=Accounts, " to one of your OUs.  Did you notice the comma at the end of this string?

Note 3:  One of the most important jobs of Active Directory VBScripts is to 'bind' to the domain name.  My technique avoids having to 'hard code' the domain name in the script.  Study how objRootDSE and strDNSDomain combine to extract the LDAP name.  The point is that my technique will work for any domain without having to know the domain name in advance.  This is a huge advantage as I have no idea what you domain is called.

Note 4:  See how the example derives strContainer from the domain name and strOU.Example script to change a password with objUser.setpassword method

Note 5: Trace how the ObjUser manipulate the password with the special .SetPassword method.  What this does is enter the password just as if you had typed it in the Active Directory Users and Computers interface.  The .SetInfo method is the equivalent of you pressing the OK button on the dialog box.

Note 6:  From a purely scripting point of view, the neat feature is the way that the example cycles through all the accounts in the strContainer.  VBScript controls this by looping with , For Each .... next.

Note 7:  Hardly a script goes by without the need of the If... then end if construction.  For this example, we filter the objects with the, If objUser.Class = "User".  The point is that the OU could also contain computers whose passwords we wish to remain unchanged.

Guy Recommends:  A Free Trial of the Network Performance Monitor (NPM)Review of Orion NPM v11.5 v11.5

SolarWinds' Orion performance monitor will help you discover what's happening on your network.  This utility will also guide you through troubleshooting; the dashboard will indicate whether the root cause is a broken link, faulty equipment or resource overload.

What I like best is the way NPM suggests solutions to network problems.  Its also has the ability to monitor the health of individual VMware virtual machines.  If you are interested in troubleshooting, and creating network maps, then I recommend that you try NPM now.

Download a free trial of Solarwinds' Network Performance Monitor

Example 2 - To Force Users to Change Password at Next Logon

This script builds on Example 1, so I recommend you check over the above script before tackling this more advanced example.  As you set the account password, there are two other factors that you may wish to include in the script.  If the account is disabled, you may wish to enable it with userAccountControl = 512.  In addition to setting the password, perhaps you want to force the users to change their password at next logon with PwdLastSet =0.

Sample Script to Force Users to Change Password at Next Logon

 

' SetPasswordAdv.vbs
' Sample VBScript to force a user to change password at next logon
' Author Guy Thomas http://computerperformance.co.uk/
' Version 1.2 - May 2010
' -----------------------------------------------'
Option Explicit
Dim objOU, objUser, objRootDSE
Dim strContainer, strDNSDomain, strPassword
Dim intCounter, intAccValue, intPwdValue

' Bind to Active Directory Domain
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("DefaultNamingContext")

' -----------------------------------------------'
' Important change OU= to reflect your domain
' -----------------------------------------------'
strContainer = "OU=Accounts, "
strPassword = "P@ssw0rd"
strContainer = strContainer & strDNSDomain

' Here is where we set the value to enable the account
' 512 = Enable, 514 = Disable.
intAccValue = 512

' Here we force a change of password at next logon
intPwdValue = 0 ' Default is -1

' Loop through OU=, setting passwords for all users
set objOU =GetObject("LDAP://" & strContainer )
For each objUser in objOU
   If objUser.class="user" then
      objUser.SetPassword strPassword
      objUser.Put "userAccountControl", intAccValue
      objUser.Put "PwdLastSet", intPwdValue
      objUser.SetInfo
   End If
Next

WScript.Echo "Password is " & strPassword & vbCr & _
"UserAccountControl = " & intAccValue & vbCr & "Check " & strContainer

WScript.Quit

' End of Free Sample SetPasswordAdv Script

VBScript Tutorial - Learning Points

Note 1:  Observe the two VBScript methods .SetPassword and .Put.  Also, see how .SetInfo is rather like pressing the OK button if you were to perform the same task manually at the Active Directory Users and Computers interface.

Note 2:  When testing, I often add WScript.echo commands to confirm what the script has achieved.  Incidentally, this is another reason to declare and apply variables, for example, strContainer and intAccValue.

See also Windows 8's Password Reveal Eye »

Summary for Changing a User's Password with SetPassword

There may be more tasks to resetting passwords than you originally thought.  By combining these three methods, you get the best possible control: set the actual password, enable the account and then force the user to change the password at the next logon.  Always bear in mind that these scripting commands mimic what you could do manually at the Active Directory Users and Computers snap-in.

 

If you like this page then please share it with your friends

 


See more VBScript examples:

VBScript create users   • VBScript create contact   • Create contact Exchange   • VBS PwdLastSet

VBScript create computer   • PowerShell create computer from spreadsheet   • Free Import Users Tool

VBScript change password  • VBScript to create group   • SolarWinds Free WMI Monitor

 *


Custom Search

Site Home

Guy Recommends: WMI Monitor for PowershellSolarwinds WMI Monitor

Windows Management Instrumentation (WMI) is most useful for PowerShell scripting.

SolarWinds have produced this Free WMI Monitor to take the guess work out of which WMI counters to use for applications like Microsoft Active Directory, SQL or Exchange Server.

Download your free copy of WMI Monitor

Author: Guy Thomas Copyright © 1999-2016 Computer Performance LTD All rights reserved.

Please report a broken link, or an error to: