Hello -
We have used a series of user password changing scripts that we used in our
NT4 domain. We have upgraded to 2003 Active directory and of course the
scripts no longer work. I am a novice scripter and am wondering how
difficult it would be to convert these scripts for use with AD and the LDAP
database. I'd basically like to use the same web script shell but change the
VBS calls to recognize the LDAP and AD components (instead of NT 4).
I am copying some of the script body into this message. Can anyone give me
some guidance in converting these to AD or let me know that this is 'way over
my head' :)
Thanks for your help.
<html>
<head>
<title>List Windows Accounts</title>
</head>
<body>
<font face="arial">
<H3>List Windows Accounts</H3>
Use this form to generate a list of all adomain domain accounts. After
getting the list
you can click on a name to Check Status. Don't use this function unless you
need to Check Status of an account and don't know the username. Normally you
would get the username from the user.
<form name="form1" action="listaccounts.asp" method="post">
<input type="submit" name="btnSubmit" value="List Accounts">
</form>
<% If Request.Form("btnSubmit") = "List Accounts" Then 'We have data to process
    On Error Resume Next
    Dim strDomain
    Dim strUser
    Dim arrUsers
    Dim oNTContMgmnt
    strDomain = "adomain"
    Set oNTContMgmnt = Server.CreateObject("NTAdmin.NTContainerManagement")
    If Err.Number <> 0 Then
        'Encode the error text before writing it into the page
        Response.Write "<b>An error was encountered.</b><br><b>Error number:</b> " & _
            Err.Number & "<br><b>Error Description:</b> " & Server.HTMLEncode(Err.Description)
    Else
        arrUsers = oNTContMgmnt.EnumerateContainer(strDomain, "User")
        For Each strUser in arrUsers
            'URL-encode the name in the link and HTML-encode it in the link text
            Response.Write "<a href=""status.asp?usrName=" & Server.URLEncode(strUser) & """>" & _
                Server.HTMLEncode(strUser) & "</a><br>"
        Next
    End If
    Set oNTContMgmnt = Nothing
End If %>
</font>
</body>
</html>
-----------------------------------------------------------------
<html>
<head>
<title>Reset Password</title>
<script language="vbscript" runat="server">
If Not Request.Form("usrName") = "" Then 'Got parameters, process request on server
    On Error Resume Next
    Dim boolFoundUser
    Dim boolRetVal
    Dim strUser
    Dim arrUsers
    Dim strAdmin
    Dim arrAdmins(20)
    Dim strDomain
    Dim oNTUserMgmnt
    Dim oNTContMgmnt
    'Sensitive accounts drawn from DomAdmins, Admins, AccountOps
    'There are additional SMS accounts to deal with. Remove from admin?
    strDomain = "adomain"
    Set oNTUserMgmnt = Server.CreateObject("NTAdmin.NTUserManagement")
    Set oNTContMgmnt = Server.CreateObject("NTAdmin.NTContainerManagement")
    If Err.Number <> 0 Then
        Response.Write "<b>An error was encountered.</b><br><b>Error number:</b> " & _
            Err.Number & "<br><b>Error Description:</b> " & Server.HTMLEncode(Err.Description)
    Else
        arrUsers = oNTContMgmnt.EnumerateContainer(strDomain, "User")
        boolFoundUser = False
        For Each strUser in arrUsers
            If LCase(strUser) = LCase(Request.Form("usrName")) Then
                For Each strAdmin in arrAdmins
                    'Compare case-insensitively, the same way the user lookup above does
                    If LCase(strAdmin) = LCase(Request.Form("usrName")) Then
                        boolFoundUser = False 'Don't find admin accounts!
                        Exit For
                    Else
                        boolFoundUser = True
                    End If
                Next
                If boolFoundUser = True Then
                    oNTUserMgmnt.SetUserPassword strDomain, Request.Form("usrName"), _
                        Request.Form("pword")
                    'The submitted name is HTML-encoded wherever it is echoed back
                    If Err.Number <> 0 Then
                        Response.Write "<b>Error: The new password could not be set for " & _
                            Server.HTMLEncode(Request.Form("usrName")) & ".</b>"
                    Else
                        Response.Write "<b>Success: New password set for " & _
                            Server.HTMLEncode(Request.Form("usrName")) & ".</b>"
                        'Expire account so that user must change password at logon
                        boolRetVal = oNTUserMgmnt.SetUserProperty(strDomain, _
                            Request.Form("usrName"), "PasswordExpired", 1)
                        If boolRetVal = False Then
                            Response.Write "<b>Error: Force password change at next logon failed.</b>"
                        End If
                    End If
                    Exit For
                End If
            End If
        Next
        If boolFoundUser = False Then
            Response.Write "<b>Error: User " & Server.HTMLEncode(Request.Form("usrName")) & _
                " not found in adomain domain.</b><p>"
        End If
    End If
    Set oNTUserMgmnt = Nothing
    Set oNTContMgmnt = Nothing
Else
    'Got no parameters, just send blank form
End If
</script>
<script language="vbscript">
Sub btnSubmit_onClick
    'Client-side check; runs in the browser before the form is posted
    Dim lngUserLen, lngPwdLen, lngUpperChar, lngLowerChar, lngNumeric, _
        lngSymbol, lngLoopIndex
    Dim strThisChar
    Const UPPER_CHARS = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
    Const LOWER_CHARS = "abcdefghijklmnopqrstuvwxyz"
    Const SYMBOL_CHARS = "`~!@#$%^&*()-_+=[]{}|;:',<>.?"
    lngUserLen = Len(form1.usrName.value)
    lngPwdLen = Len(form1.pword.value)
    If (lngUserLen > 0) AND (lngUserLen < 15) Then
        'alert "User name: " & form1.usrName.value
        If (lngPwdLen > 6) AND (lngPwdLen < 15) Then
            If StrComp(form1.pword.value, form1.confirm.value) = 0 Then
                'alert "Passwords matched."
                'alert "Password length = " & lngPwdLen
                'Password complexity checking.
                lngUpperChar = 0
                lngLowerChar = 0
                lngNumeric = 0
                lngSymbol = 0
                For lngLoopIndex = 1 to lngPwdLen
                    strThisChar = Mid(form1.pword.value, lngLoopIndex, 1)
                    'alert "Current char is: " & strThisChar
                    If Not InStr(UPPER_CHARS, strThisChar) = 0 Then
                        lngUpperChar = 1
                    ElseIf Not InStr(LOWER_CHARS, strThisChar) = 0 Then
                        lngLowerChar = 1
                    ElseIf IsNumeric(strThisChar) Then
                        lngNumeric = 1
                    ElseIf Not InStr(SYMBOL_CHARS, strThisChar) = 0 Then
                        lngSymbol = 1
                    End If
                Next
                'At least three of the four character classes must be present
                If (lngUpperChar + lngLowerChar + lngNumeric + lngSymbol) > 2 Then
                    'alert "Password meets complexity rules!"
                    form1.submit
                Else
                    alert "Password does not meet complexity rules. Try again."
                End If
            Else
                'alert "Password = " & form1.pword.value & ". Confirm = " & form1.confirm.value
                alert "Passwords didn't match. Please try again."
                form1.btnReset.click
            End If
        Else
            alert "Error: You must supply a password with 7-14 characters and " & _
                "confirm it before submitting the form."
            form1.btnReset.click
        End If
    Else
        alert "Error: You must supply a username with 1-14 characters before " & _
            "submitting the form."
        form1.btnReset.click
    End If
End Sub
</script>
</head>
<body>
<font face="arial">
<H3>Reset Password</H3>
<p>
Use this form to set a new Windows password. Passwords must be
7-14 characters in length and must contain characters from at least
three of the following: uppercase letters, lowercase letters, numbers,
and symbol characters. <b>The user will be required to change their
password at first logon</b>. This will fail unless the user is doing
an interactive logon at a adomain workstation. Resetting the password
will not unlock the account if it is locked. Check Status first and
then go to the Unlock Account page if necessary.</p>
<p>
<font size="-1">
Note: Access to sensitive accounts via this tool has been blocked.</font></p>
<form name="form1" action="reset.asp" method="post">
<table border="0" cellpadding="2">
<tr><td align="right">User Name: </td>
<td><input type="text" name="usrName" size="16" maxlength="14"></td>
</tr>
<tr><td align="right">New Password: </td>
<td><input type="password" name="pword" size="16" maxlength="14">
</td>
</tr>
<tr><td align="right">Confirm Password: </td>
<td><input type="password" name="confirm" size="16" maxlength="14">
</td>
</tr>
<tr><td></td>
<td><input type="button" name="btnSubmit" value="Submit"> <input
type="reset" name="btnReset" value="Clear"></td>
</tr>
</table>
</form>
</font>
</body>
</html>
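
Added example, not part of the original post: the length and complexity rules that reset.asp checks only in the browser, and its sensitive-account block, re-checked on the server, with the reset done through the ADSI WinNT provider instead of NTAdmin. The function names, the deny-list entries and the choice of the WinNT provider are assumptions made for illustration.

```vbscript
Option Explicit

' Hypothetical deny list: the entries are placeholders, not accounts from the post.
Function IsBlockedAccount(strUser)
    Dim strName
    IsBlockedAccount = False
    For Each strName In Array("administrator", "svc-placeholder")
        If StrComp(strName, strUser, vbTextCompare) = 0 Then IsBlockedAccount = True
    Next
End Function

' Same rule the form states: 7-14 characters, at least three of four classes.
Function MeetsPolicy(strPwd)
    Dim i, ch, up, lo, num, sym
    Const SYMBOL_CHARS = "`~!@#$%^&*()-_+=[]{}|;:',<>.?"
    up = 0: lo = 0: num = 0: sym = 0
    MeetsPolicy = False
    If Len(strPwd) < 7 Or Len(strPwd) > 14 Then Exit Function
    For i = 1 To Len(strPwd)
        ch = Mid(strPwd, i, 1)
        If ch >= "A" And ch <= "Z" Then
            up = 1
        ElseIf ch >= "a" And ch <= "z" Then
            lo = 1
        ElseIf ch >= "0" And ch <= "9" Then
            num = 1
        ElseIf InStr(1, SYMBOL_CHARS, ch, vbBinaryCompare) > 0 Then
            sym = 1
        End If
    Next
    MeetsPolicy = (up + lo + num + sym >= 3)
End Function

' Returns "" on success, otherwise a message. Every check runs on the server.
Function ResetPassword(strDomain, strUser, strPwd)
    Dim oUser
    ResetPassword = "Rejected: user name or password not acceptable."
    ' Keep ADsPath separators out of the name before building the path.
    If Len(strUser) < 1 Or Len(strUser) > 14 Or InStr(strUser, "/") > 0 Or InStr(strUser, ",") > 0 Then Exit Function
    If IsBlockedAccount(strUser) Or Not MeetsPolicy(strPwd) Then Exit Function
    On Error Resume Next
    Set oUser = GetObject("WinNT://" & strDomain & "/" & strUser & ",user")
    If Err.Number = 0 Then oUser.SetPassword strPwd
    If Err.Number = 0 Then oUser.Put "PasswordExpired", 1   ' force change at next logon
    If Err.Number = 0 Then oUser.SetInfo
    If Err.Number = 0 Then ResetPassword = "" Else ResetPassword = "Reset failed: " & Err.Description
    On Error GoTo 0
End Function
```

With the LDAP provider, the equivalent of the `PasswordExpired` flag is setting `pwdLastSet` to 0 on the user object.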