VBScript Change Password

Tutorial for Changing a User Account Password with SetPassword

With VBScript, it is relatively easy to set each user’s account to a known password.  You can also configure the account so that once the user authenticates, they must change the known password to a more secure password.  This is a popular script for schools and colleges to run at the start of a year; either for new pupils, or for old lags who have forgotten last term’s passwords.


Our Mission and Goals

Setting the password may be part of a bigger plan, for example, to enable the account and force the user to change their password at next logon.  My mantra is to build scripts gradually, one section at a time.  Therefore, once we have mastered the basics in Example 1, we will investigate how to use SetPassword as part of a more powerful VBScript in Example 2.

Example 1 – Script to Change a User’s Password

Let us suppose that you want to set the user’s account password at next logon.  The heart of the VBScript is a method called .SetPassword.  Applying .SetPassword to the user object has the same effect as setting the password option manually in Active Directory Users and Computers.  (.SetInfo is like pressing the OK button.)

Prerequisites for VBScript SetPassword

You need access to, and a working knowledge of, Active Directory Users and Computers.  Following my theme of keep it simple, I recommend that you log on as administrator, preferably at a domain controller.  Alternatively, connect to the server with Remote Desktop.  If all else fails, you can try these scripts on an XP machine as a non-administrator, but why introduce extra complications?  Let us start with some easy successes.

Instructions for Changing a User’s Password

  1. You should run this VBScript on a Windows Active Directory domain.
  2. Copy and paste the example script below into notepad or a VBScript editor.
  3. Decide whether to change the OU by editing the value for strContainer.  Of course you need test users in the OU referenced by strContainer.
  4. Save the file with a .vbs extension, for example: SetPassword.vbs.
  5. Double click SetPassword.vbs and check the Users container for strUser.

Sample Script to Change a User’s Passwords

 

' SetPassword.vbs
' Sample VBScript Change Password in a named OU.
' Author Guy Thomas https://computerperformance.co.uk/
' Version 2.3 - May 2010
' -----------------------------------------------'
Option Explicit
Dim objOU, objUser, objRootDSE
Dim strContainer, strDNSDomain, strPassword

' Bind to Active Directory Domain
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("DefaultNamingContext")

' -----------------------------------------------'
' Important change OU= to reflect your domain
' -----------------------------------------------'
strContainer = "OU=Accounts, "
strPassword = "P@ssw0rd"
strContainer = strContainer & strDNSDomain

' Loop through OU=, setting passwords for all users
Set objOU = GetObject("LDAP://" & strContainer)
For Each objUser In objOU
   If objUser.Class = "user" Then
      objUser.SetPassword strPassword
      objUser.SetInfo
   End If
Next

WScript.Quit

' End of Example VBScript: SetPassword


VBScript Tutorial – Learning Points for VBScript SetPassword

Note 1:  The header section explains the purpose of the script.  Then, I declare three objects, one each for the User, the OU and the RootDSE (which supplies the domain name).

Note 2:  You probably need to change the strContainer from "OU=Accounts, " to one of your OUs.  Did you notice the comma at the end of this string?

Note 3:  One of the most important jobs of Active Directory VBScripts is to ‘bind’ to the domain name.  My technique avoids having to ‘hard code’ the domain name in the script.  Study how objRootDSE and strDNSDomain combine to extract the LDAP name.  The point is that my technique will work for any domain without having to know the domain name in advance.  This is a huge advantage as I have no idea what your domain is called.

Note 4:  See how the example builds the full strContainer by appending strDNSDomain to the OU string.

Note 5:  Trace how objUser manipulates the password with the special .SetPassword method.  What this does is enter the password just as if you had typed it in the Active Directory Users and Computers interface.  The .SetInfo method is the equivalent of you pressing the OK button on the dialog box.

Note 6:  From a purely scripting point of view, the neat feature is the way that the example cycles through all the accounts in the strContainer.  VBScript controls this by looping with For Each … Next.

Note 7:  Hardly a script goes by without the need of the If … Then … End If construction.  For this example, we filter the objects with If objUser.Class = "user".  The point is that the OU could also contain computers whose passwords we wish to remain unchanged.


Example 2 – To Force Users to Change Password at Next Logon

This script builds on Example 1, so I recommend you check over the above script before tackling this more advanced example.  As you set the account password, there are two other factors that you may wish to include in the script.  If the account is disabled, you may wish to enable it with userAccountControl = 512.  In addition to setting the password, perhaps you want to force the users to change their password at next logon with PwdLastSet = 0.

Sample Script to Force Users to Change Password at Next Logon

 

' SetPasswordAdv.vbs
' Sample VBScript to force a user to change password at next logon
' Author Guy Thomas https://computerperformance.co.uk/
' Version 1.2 - May 2010
' -----------------------------------------------'
Option Explicit
Dim objOU, objUser, objRootDSE
Dim strContainer, strDNSDomain, strPassword
Dim intCounter, intAccValue, intPwdValue

' Bind to Active Directory Domain
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("DefaultNamingContext")

' -----------------------------------------------'
' Important change OU= to reflect your domain
' -----------------------------------------------'
strContainer = "OU=Accounts, "
strPassword = "P@ssw0rd"
strContainer = strContainer & strDNSDomain

' Here is where we set the value to enable the account
' 512 = Enable, 514 = Disable.
intAccValue = 512

' Here we force a change of password at next logon
intPwdValue = 0 ' Default is -1

' Loop through OU=, setting passwords for all users
Set objOU = GetObject("LDAP://" & strContainer)
For Each objUser In objOU
   If objUser.Class = "user" Then
      objUser.SetPassword strPassword
      objUser.Put "userAccountControl", intAccValue
      objUser.Put "PwdLastSet", intPwdValue
      objUser.SetInfo
   End If
Next

WScript.Echo "Password is " & strPassword & vbCr & _
   "UserAccountControl = " & intAccValue & vbCr & "Check " & strContainer

WScript.Quit

' End of Free Sample SetPasswordAdv Script

VBScript Tutorial – Learning Points

Note 1:  Observe the two VBScript methods .SetPassword and .Put.  Also, see how .SetInfo is rather like pressing the OK button if you were to perform the same task manually at the Active Directory Users and Computers interface.

Note 2:  When testing, I often add WScript.echo commands to confirm what the script has achieved.  Incidentally, this is another reason to declare and apply variables, for example, strContainer and intAccValue.
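
The following variant of the Example 2 loop is an added example, not part of Guy Thomas's scripts. userAccountControl is a bitmask, so writing 512 to it also clears any other flags set on the account (for example "password never expires"); this version clears only the disabled bit, records which accounts failed (for instance when the password does not meet domain policy), and reports results without echoing the password. The script name, the ResetUser function, the OU name and the password placeholder are assumptions for illustration.

```vbscript
' SetPasswordSafe.vbs - added example, not part of the original tutorial
Option Explicit
Const ADS_UF_ACCOUNTDISABLE = &H2   ' The "disabled" bit in userAccountControl

Dim objOU, objUser, objRootDSE
Dim strContainer, strPassword, strReport
Dim lngErr, intDone, intFailed

Set objRootDSE = GetObject("LDAP://RootDSE")
' Assumption: test users live in OU=Accounts, as in the tutorial
strContainer = "OU=Accounts," & objRootDSE.Get("DefaultNamingContext")
' Placeholder: supply a value that meets your domain password policy
strPassword = "<temporary-password>"

intDone = 0
intFailed = 0
strReport = ""
Set objOU = GetObject("LDAP://" & strContainer)

For Each objUser In objOU
   If LCase(objUser.Class) = "user" Then
      lngErr = ResetUser(objUser, strPassword)
      If lngErr = 0 Then
         intDone = intDone + 1
      Else
         intFailed = intFailed + 1
         strReport = strReport & objUser.Name & " failed: 0x" & Hex(lngErr) & vbCrLf
      End If
   End If
Next

' Report the outcome without echoing the password itself
WScript.Echo intDone & " reset, " & intFailed & " failed in " & strContainer & _
   vbCrLf & strReport

' Hypothetical helper: returns 0 on success, otherwise the first error number raised
Function ResetUser(objTarget, strNewPassword)
   Dim intUAC
   On Error Resume Next
   objTarget.SetPassword strNewPassword
   If Err.Number = 0 Then intUAC = objTarget.Get("userAccountControl")
   If Err.Number = 0 Then
      ' Clear only the disabled bit so the account's other flags survive
      objTarget.Put "userAccountControl", intUAC And (Not ADS_UF_ACCOUNTDISABLE)
      objTarget.Put "pwdLastSet", 0   ' Force change at next logon
      objTarget.SetInfo
   End If
   ResetUser = Err.Number
End Function
```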


Summary for Changing a User’s Password with SetPassword

There may be more tasks to resetting passwords than you originally thought.  By combining these three methods, you get the best possible control: set the actual password, enable the account and then force the user to change the password at the next logon.  Always bear in mind that these scripting commands mimic what you could do manually at the Active Directory Users and Computers snap-in.

 
