September 2003
Intermediate to advanced
624 pages
15h 49m
English
Content preview from Active Directory CookbookBecome an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
6.17. Setting a User’s Password
Problem
You want to set the password for a user.
Solution
Using a graphical user interface
Open the Active Directory Users and Computers snap-in.
In the left pane, right-click on the domain and select Find.
Select the appropriate domain beside In.
Type the name of the user beside Name and click Find Now.
In the Search Results, right-click on the user and select Reset Password.
Enter and confirm the new password.
Click OK.
Using a command-line interface
This command changes the password for the user specified by
<UserDN>. Using *
after the -pwd option prompts you for the new
password. You can replace * with the password you
want to set, but it is not a good security practice since other users
that are logged into the machine may be able to see it.
> dsmod user <UserDN> -pwd *Using VBScript
' This code sets the password for a user. ' ------ SCRIPT CONFIGURATION ------ strUserDN = "<UserDN>" ' e.g. cn=jsmith,cn=Users,dc=rallencorp,dc=com strNewPasswd = "NewPasword" ' ------ END CONFIGURATION --------- set objUser = GetObject("LDAP://" & strUserDN) objUser.SetPassword(strNewPasswd) Wscript.Echo "Password set for " & objUser.Get("cn")
Discussion
The password for a user is stored in the
unicodePwd attribute. You cannot directly modify
that attribute, but have to use one of the supported APIs. See Recipe 6.18 to see how to set the password using
native LDAP and Recipe 6.19 for changing the
password via Kerberos.
With the VBScript solution, you can use the
IADsUser::SetPassword ...