
Hi
This is our script that will allow teachers to reset student passwords. It stopped working some time ago and I can't understand why. The reset is being logged in the text documents, the script says it's been reset but it simply doesn't work. Teachers are in the right group etc.
Your help will be appreciated.
Thanks
Dim sUserName, sDomain, oUser, oNet, sComputer, pw, vbClrf, _
    sPword2, sPword3, oComputer, serverpath, filename, objshell
Dim namecheck, nameexists, userou, ou
Set objNetwork = CreateObject ("WScript.Network")
' Wait until the logon has populated the user name
While objNetwork.Username = ""
    WScript.Sleep 100
Wend
strComputerName = objNetwork.ComputerName
strUserName = objNetwork.UserName
IF NOT ISMEMBER ("CN=PasswordResettingAccess") THEN
    wscript.echo "You do not have permission to change student passwords" & VBCR & VBCR & "Please speak to IT Support if your require this permission"
    wscript.quit
END IF
sUserName = InputBox("Please type Username" & chr(13) & "in the format" & chr(13) & "hc<1stinitial><2ndinitial><surname><year>", "Heywood Community HS Password Change", "")
IF sUserName = "" THEN wscript.quit
call checkname
if nameexists = "yes" then call resetpassword
if nameexists = "no" then call noaccount
wscript.quit
sub resetpassword
    call checkstudent
    if NOT userou = "Students" then call notstudentaccount
    bConfirm = MsgBox ("Password to be reset, are you sure?", 4, sUsername)
    If bConfirm = 7 then call nochange
    Set oNet = CreateObject("Wscript.Network")
    serverpath = "\\hc-print\Computer Use Logs\PasswordReset\"
    filename = "password_change1.txt"
    dim filesys, filetxt
    Const ForReading = 1, ForWriting = 2, ForAppending = 8
    Set filesys = CreateObject("Scripting.FileSystemObject")
    Set filetxt = filesys.OpenTextFile(serverpath+filename, ForAppending, True)
    filetxt.WriteLine sUsername
    filetxt.WriteLine "Reset by " & strUserName & " from " & strComputerName
    filetxt.Close
    'wscript.echo time
    IF time<"16:00:00" THEN WScript.Echo "The password for user account " & chr(13) & chr(13) & sUserName & chr(13) & chr(13) & " will be reset to ' football ' within the next 2 minutes." & VBCR & VBCR & "Please wait 2 minutes before attempting to log on with this account"
    IF time>"16:00:00" THEN WScript.Echo "User accounts cannot be changed by using this script after 4:00pm" & vbcr & "The password for user account " & chr(13) & chr(13) & sUserName & chr(13) & chr(13) & " will be reset to ' football ' tomorrow morning at 9:00am"
    wscript.quit
end sub
sub nochange
    wscript.echo sUsername & " - Password Change aborted"
    wscript.quit
end sub
sub noaccount
    wscript.echo "Username - " & sUsername & " - does not exist in this Domain." & vbcr & "Please check that you have entered it correctly and try again"
    wscript.quit
end sub
sub checkname
    'if domainname = "" then
    set objRoot = getobject("LDAP://RootDSE")
    domainname = objRoot.get("defaultNamingContext")
    'end if
    if sUserName <> "" then
        namecheck = finduser(sUserName,domainname)
    end if
    if namecheck = "Not Found" then nameexists = "no" ELSE nameexists = "yes"
end sub
sub checkstudent
    ou = mid(namecheck,instr(namecheck,",")+1,len(namecheck)-instr(namecheck,","))
    ou = split(ou, ",")
    userou = mid(ou(2),4,(len(ou(2))))
end sub
sub notstudentaccount
    wscript.echo "This is not a student account" & vbcr & "This script can only be used to change passwords for student accounts" & vbcr & vbcr & vbcr & "Please contact IT Support for assistance if you wish to reset the password on this account"
    wscript.quit
end sub
Function FindUser(Byval UserName, Byval Domain)
    on error resume next
    set cn = createobject("ADODB.Connection")
    set cmd = createobject("ADODB.Command")
    set rs = createobject("ADODB.Recordset")
    cn.open "Provider=ADsDSOObject;"
    cmd.activeconnection=cn
    cmd.commandtext="SELECT ADsPath FROM 'LDAP://" & Domain & _
        "' WHERE sAMAccountName = '" & UserName & "'"
    set rs = cmd.execute
    if err<>0 then
        FindUser="Error connecting to Active Directory Database:" & err.description
    else
        if not rs.BOF and not rs.EOF then
            rs.MoveFirst
            FindUser = rs(0)
        else
            FindUser = "Not Found"
        end if
    end if
    cn.close
end function
'::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
'::: CHECK WHETHER USER IS A MEMBER OF A CERTAIN GROUP :::
'::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Function IsMember (strGroup)
    ':::::::::::::::::::::::::::::::::::::::::::::::
    '::: Use LDAP to find out account details :::
    ':::::::::::::::::::::::::::::::::::::::::::::::
    On Error Resume Next
    Set objSystemInfo = CreateObject ("AdSystemInfo")
    Err.Clear
    Set objUser = GetObject ("LDAP://" & objSystemInfo.UserName)
    If Err.Number <> 0 Then
        MsgBox Err.Number & vbTab & Err.Description
    End If
    Dim objGroup
    IsMember = FALSE
    For Each objGroup In objUser.Groups
        'Message "TESTING - PLEASE IGNORE", 1, strUserName & " is a member of " & objGroup.Name & " " & objGroup.Class, 1
        strThisGroup = Replace (objGroup.Name, "CN=\", "")
        If strThisGroup = strGroup Then
            IsMember = TRUE
            Exit For
        End If
    Next
End Function
Why not create a taskpad that only allows password resetting?
Assuming you use XP.
Read up about it HERE

Just looking through it, it mentions that password will be reset to football, but can't see the string that actually does the resetting of the password.
Going by MS script repository, you can use this:
Set objUser = GetObject _
("LDAP://cn=myerken,ou=management,dc=fabrikam,dc=com")
objUser.ChangePassword "i5A2sj*!", "jl3R86df"

Sorry, I am not a script expert. How do you mean please?
Z

I see what you mean, I have no idea what’s going on with that. It used to work, I didn’t see what it was like before, there wasn't any need.
I don’t know what happened to the reply but it said this:
What he means is that there doesn't seem to be anything in the code that actually changes the password. Instead the code just performs several checks to see whether requirements are met. When these requirements are met though there is no code to tell the script what to do.
So has somebody modified the script then?

Well I haven’t and the other two guys haven’t. The only thing I can think is that somehow an older version, whilst it was under developed was restored somehow.

What does this mean? set rs = cmd.execute
rs is often used as the identifier for a RecordSet.
The rest executes something... usually it's an ADODB & SQL thing.
Looking at what you posted, under the "FindUser" function, it executes the query (specified as cmd.CommandText) against AD to find the specified/active user (didn't bother looking up which)
Last edited by Lithium; 17th March 2008 at 12:09 AM.

ok thanks

Along with not having a bit that applies a password reset it does not appear to have any account impersonation setup which you will need when applying the password change if the user running the script does not have the right to change the password in AD under their current logon.
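
An added example, not part of any post in this thread and not the school's script: the reset step the replies found missing, with the right to reset coming from the caller's own delegated permissions. It uses IADsUser.SetPassword rather than ChangePassword because a reset does not know the old password. The username pattern, the DC=example,DC=local paths and the function names are assumptions.

```vbscript
Option Explicit

' Allow-list for the hc<initials><surname><year> format from the thread; the
' exact pattern is an assumption. It keeps quotes and wildcards out of queries.
Function IsValidStudentName(sName)
    Dim re : Set re = New RegExp
    re.Pattern = "^hc[a-z]{3,20}[0-9]{2,4}$"
    re.IgnoreCase = True
    IsValidStudentName = re.Test(sName)
End Function

' True when the account's ADsPath sits somewhere under an OU named Students.
Function IsInStudentsOU(sAdsPath)
    IsInStudentsOU = (InStr(1, sAdsPath, ",OU=Students,", vbTextCompare) > 0)
End Function

' The step missing from the posted script. Runs as the calling user, so that
' user needs the delegated "Reset password" right on student objects.
' Returns "" on success, otherwise the error text.
Function ResetStudentPassword(sAdsPath, sTempPassword)
    Dim oUser
    ResetStudentPassword = ""
    On Error Resume Next
    Set oUser = GetObject(sAdsPath)
    If Err.Number = 0 Then oUser.SetPassword sTempPassword
    If Err.Number = 0 Then oUser.Put "pwdLastSet", 0   ' force change at next logon
    If Err.Number = 0 Then oUser.SetInfo
    If Err.Number <> 0 Then ResetStudentPassword = Err.Number & " " & Err.Description
    On Error GoTo 0
End Function

' Constructed sample values (not real accounts) exercising the offline checks.
Dim sStudentPath, sStaffPath
sStudentPath = "LDAP://CN=hcjbsmith07,OU=7A,OU=Year7,OU=Students,DC=example,DC=local"
sStaffPath = "LDAP://CN=jbloggs,OU=Teaching,OU=Staff,DC=example,DC=local"
WScript.Echo "name in expected format: " & IsValidStudentName("hcjbsmith07")
WScript.Echo "name containing a quote: " & IsValidStudentName("hcjb'smith07")
WScript.Echo "student path: " & IsInStudentsOU(sStudentPath)
WScript.Echo "staff path:   " & IsInStudentsOU(sStaffPath)

' Live use: cscript reset.vbs <ADsPath>  (the temporary password is prompted for)
If WScript.Arguments.Count = 1 Then
    If IsInStudentsOU(WScript.Arguments(0)) Then
        WScript.Echo "result: [" & ResetStudentPassword(WScript.Arguments(0), _
            InputBox("Temporary password")) & "]"
    End If
End If
```

Setting pwdLastSet to 0 makes the student choose a new password at next logon, so the temporary value is only usable once.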

That's odd, I will have a look round for a more updated version.
Why Not Use This?
Why not create a taskpad that only allows password resetting?
Assuming you use XP.
Read up about it HERE
This means staff can see something instead of messing with scripts.
We do this through our Staff Intranet. Any member of staff can change a student password through the PHP front end, logged in as themselves. This then calls a VB Script at the server and makes the LDAPS change. I would say it's reduced the password change 'visitor' numbers to the ICT Office by at least 80% and has been highly praised by all staff who've used it for its simplicity. One reason why it's so simple is that it pulls the student's DOB from SIMS and sets the password to DDMMYY, not even requiring the student to leave their seat. The only people it hasn't gone down well with are the students who like the excuse to leave the room!
We set up a new group in AD and gave that group permissions to change student passwords only. Made all teachers a member of the group. Then install Wisesofts Bulk Password program on the teachers desktop in the ICT suites. Job done.