Sunday, April 11, 2010

Disabling User Must Change Password on Next Logon via VB Script

I'm in the middle of doing a AD Migration for a client using ADMT. One thing I noticed though is whenever I migrate user objects with ADMT it automatically enables user must change password at next logon. I do not want this!

The following script disables the option for all user accounts per OU:

Option Explicit
On Error Resume Next
Dim objOU, objUser, objRootDSE
Dim strContainer, strLastUser, strDNSDomain, intCounter, intAccValue
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("DefaultNamingContext")
strContainer = "OU=ITStaff ,"
intAccValue = 544
strContainer = strContainer & strDNSDomain
set objOU =GetObject("LDAP://" & strContainer )
intCounter = 0
For each objUser in objOU
If objUser.class="user" then
intCounter = intCounter +1
strLastUser = objUser.Get ("name")
objuser.Put "pwdLastSet", -1
End if
WScript.Echo intCounter & " Users change pwd next logon. Value " _
& intAccValue
' End of User Account example VBScript

Note if you want to re-enable the tickbox for changing passwords change the following value:

objuser.Put "pwdLastSet", -1

You can also do this for the entire domain using WinNT and not LDAP:

Option Explicit
Dim oDomain, oObject
Set oDomain = GetObject("WinNT://cos.local")

For Each oObject in oDomain
If oObject.Class = "User" Then
oObject.Put "PasswordExpired", 0
End If

No comments:

Post a Comment