JSI Tip 9848. How can a script optionally set a user's password, and set 'User must change password at next logon'?

I have scripted UserMCP.bat to set 'User must change password at next logon' and optionally reset the password.

The syntax for using UserMCP.bat is:

for /f "Tokens=*" %%a in ('UserMCP SAMID [NewPassword]') do set OK=%%a


SAMID       is the user logon name, sAMAccountName.

NewPassword is an optional new password that must conform to the domain's password policy.

OK          is set to Y if the operation was successful, or N if it failed.

UserMCP.bat contains:

@echo off
if {%1}=={} @echo Syntax: UserMCP SAMID [NewPassword]&goto :EOF
set sam=%1
set OK=N
REM Check the account, and reset the password if one was supplied. OK becomes Y only on success.
for /f "Tokens=*" %%a in ('net user %sam% %2 /domain^|find /i "The command completed successfully."') do (
 set OK=Y
)
if "%OK%" EQU "N" goto finish
REM The helper is reused if it already exists, so a stale or tampered copy in TEMP would be run as-is.
if exist "%TEMP%\UserMCP.vbs" goto start
@echo.On Error Resume Next>"%TEMP%\UserMCP.vbs"
@echo.Dim objConnection, objCommand, objRootDSE, strDNSDomain>>"%TEMP%\UserMCP.vbs"
@echo.Dim strFilter, strQuery, objRecordSet, objArgs, usr>>"%TEMP%\UserMCP.vbs"
@echo.Set objArgs = Wscript.Arguments>>"%TEMP%\UserMCP.vbs"
@echo.sam = objArgs(0) >>"%TEMP%\UserMCP.vbs"
@echo.Set objConnection = CreateObject("ADODB.Connection") >>"%TEMP%\UserMCP.vbs"
@echo.Set objCommand = CreateObject("ADODB.Command") >>"%TEMP%\UserMCP.vbs"
@echo.objConnection.Provider = "ADsDSOOBject">>"%TEMP%\UserMCP.vbs"
@echo.objConnection.Open "Active Directory Provider">>"%TEMP%\UserMCP.vbs"
@echo.Set objCommand.ActiveConnection = objConnection>>"%TEMP%\UserMCP.vbs"
@echo.Set objRootDSE = GetObject("LDAP://RootDSE") >>"%TEMP%\UserMCP.vbs"
@echo.strDNSDomain = objRootDSE.Get("defaultNamingContext") >>"%TEMP%\UserMCP.vbs"
@echo.strBase = "<LDAP://" ^& strDNSDomain ^& ">" >>"%TEMP%\UserMCP.vbs"
@echo.strFilter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=" ^& sam ^& "))" >>"%TEMP%\UserMCP.vbs"
@echo.strAttributes = "distinguishedName,pwdLastSet">>"%TEMP%\UserMCP.vbs"
@echo.strQuery = strBase ^& ";" ^& strFilter ^& ";" ^& strAttributes ^& ";subtree">>"%TEMP%\UserMCP.vbs"
@echo.objCommand.CommandText = strQuery>>"%TEMP%\UserMCP.vbs"
@echo.objCommand.Properties("Page Size") = 99999>>"%TEMP%\UserMCP.vbs"
@echo.objCommand.Properties("Timeout") = 300>>"%TEMP%\UserMCP.vbs"
@echo.objCommand.Properties("Cache Results") = False>>"%TEMP%\UserMCP.vbs"
@echo.Set objRecordSet = objCommand.Execute>>"%TEMP%\UserMCP.vbs"
@echo.Do Until objRecordSet.EOF>>"%TEMP%\UserMCP.vbs"
@echo.    strDN = objRecordSet.Fields("distinguishedName") >>"%TEMP%\UserMCP.vbs"
@echo.    usr = "LDAP://" ^& strDN>>"%TEMP%\UserMCP.vbs"
@echo.    Set oUser = GetObject(usr)>>"%TEMP%\UserMCP.vbs"
@echo.    oUser.Put "pwdLastSet", CLng(0) >>"%TEMP%\UserMCP.vbs"
@echo.    oUser.SetInfo>>"%TEMP%\UserMCP.vbs"
@echo.    objRecordSet.MoveNext>>"%TEMP%\UserMCP.vbs"
@echo.Loop>>"%TEMP%\UserMCP.vbs"
@echo.Set objConnection = Nothing>>"%TEMP%\UserMCP.vbs"
@echo.Set objCommand = Nothing>>"%TEMP%\UserMCP.vbs"
@echo.Set objRootDSE = Nothing>>"%TEMP%\UserMCP.vbs"
@echo.Set objRecordSet = Nothing>>"%TEMP%\UserMCP.vbs"
:start
REM Set pwdLastSet to 0 for the account, which turns on User must change password at next logon.
cscript //nologo "%TEMP%\UserMCP.vbs" %sam%
:finish
@echo %OK%
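
A PowerShell equivalent of UserMCP.bat, added here as an example and not part of the original tip: it does the same sAMAccountName lookup and pwdLastSet = 0 write through ADSI, but takes the password as a SecureString instead of a command-line argument and writes no helper script to %TEMP%. The function name, parameter names and validation pattern are assumptions made for this example.

```powershell
# Added example (not the original tip's code). Set-UserMustChangePassword is a hypothetical name.
function Set-UserMustChangePassword {
    [CmdletBinding()]
    param(
        # Reject characters that are illegal in sAMAccountName, plus ( ) which are
        # legal in names but special in LDAP filters (assumption: your names do not use them).
        [Parameter(Mandatory)]
        [ValidatePattern('^[^"/\\\[\]:;|=,+*?<>()\x00-\x1f]{1,20}$')]
        [string]$SamId,

        # Optional new password; must satisfy the domain's password policy.
        [securestring]$NewPassword
    )

    try {
        # Same filter as the VBScript helper, searched from the current domain root.
        $searcher = [adsisearcher]"(&(objectCategory=person)(objectClass=user)(sAMAccountName=$SamId))"
        $searcher.SearchScope = 'Subtree'
        $hit = $searcher.FindOne()
        if (-not $hit) { return 'N' }

        $user = $hit.GetDirectoryEntry()

        if ($NewPassword) {
            # Convert to plain text only at the point of use; it never appears
            # on a command line or in a process listing.
            $plain = [System.Net.NetworkCredential]::new('', $NewPassword).Password
            $user.psbase.Invoke('SetPassword', $plain)
        }

        # pwdLastSet = 0 is what "User must change password at next logon" stores.
        $user.Put('pwdLastSet', 0)
        $user.SetInfo()
        return 'Y'
    }
    catch {
        # Mirror the batch file's contract: N on any failure.
        Write-Warning $_.Exception.Message
        return 'N'
    }
}

# Usage: $OK = Set-UserMustChangePassword -SamId jdoe -NewPassword (Read-Host -AsSecureString 'New password')
```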
