I have scripted UserMCP.bat to set the "User must change password at next logon" option
and, optionally, to reset the password.
The syntax for using UserMCP.bat is:
for /f "Tokens=*" %%a in ('UserMCP SAMID [NewPassword]') do set OK=%%a
Where:
SAMID is the user logon name (sAMAccountName). NewPassword is an optional new password that must conform to the domain's password policy. OK is set to Y if the operation was successful, or N if it failed.
UserMCP.bat contains:
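@echo off
rem UserMCP.bat - set "User must change password at next logon" for a domain
rem account and optionally reset its password first.
rem
rem Arguments: SAMID (sAMAccountName), then an optional NewPassword.
rem Output:    the last line written to stdout is Y on success, N on failure.
rem
rem How it works:
rem   1. net user with /domain confirms the account exists and, when a second
rem      argument is given, sets it as the new password.
rem   2. A generated VBScript looks the account up over LDAP and writes
rem      pwdLastSet = 0, which is what forces the change at next logon.
rem
rem Changes from the original listing:
rem   - The helper script is written fresh on every run under a per-run name and
rem     deleted afterwards. The original ran TEMP\UserMCP.vbs as-is if a file of
rem     that name already existed, so a stale or replaced file would have been
rem     executed with the operator's directory rights.
rem   - Y is reported only when the pwdLastSet write succeeded. The original
rem     reported Y as soon as net user succeeded, even if the flag was never set.
rem   - The account name is escaped before it is placed in the LDAP filter.
rem   - Backslashes that the page rendering had put before braces and brackets
rem     are removed.
rem
rem Operational notes:
rem   - NewPassword travels on the command line of this script and of net user,
rem     so it can appear in process-creation auditing and shell history. Treat it
rem     as a one-time value; step 2 makes the user replace it at next logon.
rem   - Both arguments are placed on command lines exactly as typed. Run this
rem     only with operator-supplied values, never with text from an untrusted
rem     source.
rem   - If step 1 reset the password but step 2 failed, N is returned although
rem     the password has already been changed.
if {%1}=={} @echo Syntax: UserMCP SAMID [NewPassword]&goto :EOF
setlocal
set sam=%1
set OK=N
rem Step 1: existence check and optional password reset in a single net user call.
for /f "Tokens=*" %%a in ('net user %sam% %2 /domain^|find /i "The command completed successfully."') do (
 set OK=Y
)
if "%OK%" EQU "N" goto finish
rem Step 2: build the helper. The first echo uses a single redirect so the file
rem is truncated; nothing that was already in it is ever executed.
set "vbs=%TEMP%\UserMCP_%RANDOM%_%RANDOM%.vbs"
@echo.On Error Resume Next>"%vbs%"
@echo.Dim objConnection, objCommand, objRootDSE, strDNSDomain>>"%vbs%"
@echo.Dim strFilter, strQuery, objRecordSet, objArgs, usr>>"%vbs%"
@echo.Set objArgs = Wscript.Arguments>>"%vbs%"
@echo.sam = objArgs(0) >>"%vbs%"
rem Escape LDAP filter metacharacters, backslash first, so the name is matched
rem literally and cannot widen the search to other accounts.
@echo.sam = Replace(sam, "\", "\5c")>>"%vbs%"
@echo.sam = Replace(sam, "*", "\2a")>>"%vbs%"
@echo.sam = Replace(sam, "(", "\28")>>"%vbs%"
@echo.sam = Replace(sam, ")", "\29")>>"%vbs%"
@echo.updated = 0 >>"%vbs%"
@echo.Set objConnection = CreateObject("ADODB.Connection") >>"%vbs%"
@echo.Set objCommand = CreateObject("ADODB.Command") >>"%vbs%"
@echo.objConnection.Provider = "ADsDSOOBject">>"%vbs%"
@echo.objConnection.Open "Active Directory Provider">>"%vbs%"
@echo.Set objCommand.ActiveConnection = objConnection>>"%vbs%"
@echo.Set objRootDSE = GetObject("LDAP://RootDSE") >>"%vbs%"
@echo.strDNSDomain = objRootDSE.Get("defaultNamingContext") >>"%vbs%"
@echo.strBase = "<LDAP://" ^& strDNSDomain ^& ">" >>"%vbs%"
@echo.strFilter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=" ^& sam ^& "))" >>"%vbs%"
@echo.strAttributes = "distinguishedName,pwdLastSet">>"%vbs%"
@echo.strQuery = strBase ^& ";" ^& strFilter ^& ";" ^& strAttributes ^& ";subtree">>"%vbs%"
@echo.objCommand.CommandText = strQuery>>"%vbs%"
@echo.objCommand.Properties("Page Size") = 99999>>"%vbs%"
@echo.objCommand.Properties("Timeout") = 300>>"%vbs%"
@echo.objCommand.Properties("Cache Results") = False>>"%vbs%"
rem Stop with a non-zero exit code if the search itself failed. Quit(1) is
rem written with parentheses because a bare 1 directly before the redirect
rem would be read by cmd as a handle number and dropped from the text.
@echo.Err.Clear>>"%vbs%"
@echo.Set objRecordSet = objCommand.Execute>>"%vbs%"
@echo.If Err.Number ^<^> 0 Then Wscript.Quit(1)>>"%vbs%"
@echo.objRecordSet.MoveFirst>>"%vbs%"
@echo.Do Until objRecordSet.EOF>>"%vbs%"
@echo. Err.Clear>>"%vbs%"
@echo. strDN = objRecordSet.Fields("distinguishedName") >>"%vbs%"
@echo. usr = "LDAP://" ^& strDN>>"%vbs%"
@echo. Set oUser = GetObject(usr)>>"%vbs%"
@echo. oUser.Put "pwdLastSet", CLng(0) >>"%vbs%"
@echo. oUser.SetInfo>>"%vbs%"
@echo. If Err.Number ^<^> 0 Then Wscript.Quit(1)>>"%vbs%"
@echo. updated = updated + 1 >>"%vbs%"
@echo. objRecordSet.MoveNext>>"%vbs%"
@echo.Loop>>"%vbs%"
@echo.objConnection.Close>>"%vbs%"
@echo.Set objConnection = Nothing>>"%vbs%"
@echo.Set objCommand = Nothing>>"%vbs%"
@echo.Set objRootDSE = Nothing>>"%vbs%"
@echo.Set objRecordSet = Nothing>>"%vbs%"
rem No matching account was updated: report failure to the caller.
@echo.If updated = 0 Then Wscript.Quit(1)>>"%vbs%"
cscript //nologo "%vbs%" %sam%
rem A non-zero exit code means the flag was not written, or cscript did not run.
if errorlevel 1 set OK=N
del "%vbs%" >nul 2>&1
:finish
@echo %OK%
endlocal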