Contents of Guy’s Scripting Ezine 11 – Passwords
- A recap of how to create a user
- Setting a Password
- Changing a Password
- VBScript Change Password
This week’s theme is changing passwords. I will show you how to set the password on a new account or change an existing account password. When you copy and paste the script below, remember to substitute your domain for: cp.com and also your organizational unit for ou=Worcester.
1) Creating your user (Recap)
This is an extra preliminary script to create a user so tht we can change their password. Copy and paste the examples below into notepad.exe
IMPORTANT: Change the ‘ou=Worcester’ to an OU in your Active Directory.
N.B. Change ‘cn=Guido’ to the name of a user you wish to create.
Save the script with a .vbs extension, and double click the file to test it.
‘ Example script to create a user called Guido in OU Worcester
‘ Note the domain cp.com should be changed.
Set objOU = GetObject("LDAP://OU=Worcester,dc=cp,dc=com")
Set objUser = objOU.Create("User", "cn=GuidoT")
objUser.Put "sAMAccountName", "GuidoT"
objUser.Put "givenName", "Guido"
objUser.Put "initials", "A.G."
objUser.Put "sn", "Thomas"
objUser.Put "displayName", "Guido Thomas"
Set objOU = GetObject This statement references the correct container or organizational unit in Active Directory. You will need to change the ("LDAP://OU = Worcester, dc=cp, dc=com") to reflect your domain and your OU.
Set objUser = objOU.Create This statement tells Active Directory that you wish to add a user object (not a computer object) and that you want to create not delete.
objUser.Put This is the best way to add the attributes of the user GuidoT.
SetInfo means write the objUser into Active Directory
Import users from a spreadsheet. Just provide a list of the users with their fields in the top row, and save as .csv file. Then launch this FREE utility and match your fields with AD’s attributes, click and import the users.
Optionally, you can provide the name of the OU where the new accounts will be born. Download your FREE bulk import tool.
If you need more comprehensive software, download a free trial of SAM (Server & Application Monitor)
‘ To SET a user’s password.
Set objUser = GetObject _
The key method here is SetPassword. Best practice is to use UPPER case, lower case, numbers and even non-alphanumeric characters so that the passwords are very difficult to guess, for example STL01isRams. If your password policy is less strict then suggest that they use phrases in their passwords, for example (ST Louis Rams).
‘ To CHANGE a user’s password. N.B. you must know the original password
Set objUser = GetObject _
objUser.ChangePassword "gU1d0*!", "ant0n10#!"
The above script will change a password but only if you already know the existing password. Notice a different method ChangePassword here, compared with SetPassword in 2) Setting the User’s password in the middle script.
In this Ezine you learnt how to set or change a users password. The technique uses to key methods, objUser.ChangePassword and objUser.SetPassword. We also had a refresher on the .put and .Setinfo methods of adding or amending user’s properties.
See More Active Directory VBScripts for Passwords