+ Post New Thread
Page 1 of 2 12 LastLast
Results 1 to 15 of 21
Scripts Thread, Password Reset Help - Active Directory permission in Coding and Web Development; Hi I have made a script that will allow teachers to reset passwords. It will check the OU of the ...
  1. #1

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    15,957
    Thank Post
    886
    Thanked 1,700 Times in 1,477 Posts
    Blog Entries
    12
    Rep Power
    448

    Password Reset Help - Active Directory permission

    Hi

    I have made a script that will allow teachers to reset passwords. It will check the OU of the concerned account to check if it is a student account, that bit works fine. The script works perfectly for administrators. But for non-administrators i get the attached error message. I think it is permissions concerning active directory, how do i give access to reset passwords to certain a group please?

    Thanks
    Last edited by FN-GM; 25th June 2008 at 02:47 PM.

  2. #2
    cromertech's Avatar
    Join Date
    Dec 2007
    Location
    Cromer by the coast
    Posts
    731
    Thank Post
    177
    Thanked 109 Times in 97 Posts
    Rep Power
    54

    Password Reset Help

    I did it the other way round and prevented student from changing their passwords with a group policy. see attached screen for location
    Attached Images Attached Images

  3. #3

    Edu-IT's Avatar
    Join Date
    Nov 2007
    Posts
    7,140
    Thank Post
    403
    Thanked 622 Times in 568 Posts
    Rep Power
    181
    Quote Originally Posted by cromertech View Post
    I did it the other way round and prevented student from changing their passwords with a group policy. see attached screen for location
    I don't think that is the right thing. Going on the questions Zak has asked before it seems as though this script allows staff to change the password of any student.

    Might be irrelevant but what is the code on line 60?

  4. #4

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    15,957
    Thank Post
    886
    Thanked 1,700 Times in 1,477 Posts
    Blog Entries
    12
    Rep Power
    448
    on line 60 is the part where it changes the password. We don't let students change their own passwords but they still forget them. We are out of the office allot so don't get chance to reset them you see.

    Z

  5. #5

    Join Date
    Mar 2007
    Posts
    1,769
    Thank Post
    80
    Thanked 291 Times in 222 Posts
    Rep Power
    86
    have you delegated permission for staff to change passwords?

  6. #6

    rob_f's Avatar
    Join Date
    May 2008
    Location
    Leeds
    Posts
    225
    Thank Post
    16
    Thanked 73 Times in 56 Posts
    Rep Power
    25
    Just to follow up on strawberry's remark, objects in active directory have permissions in exactly the same way that files do on NTFS volumes. If you look at the security tab on the properties of an OU (i.e. your students OU) you can see the permissions. To set the change password permission, go to advanced then add/edit the user you wish to grant the permission to and select "Apply onto: user objects" from the dropdown.

    IIRC you need to allow "change password", "reset password" and possibly one other to allow users to set the "change password on next logon" as this temporarily alters the object's password expiration settings.

  7. Thanks to rob_f from:

    FN-GM (6th May 2008)

  8. #7

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    15,957
    Thank Post
    886
    Thanked 1,700 Times in 1,477 Posts
    Blog Entries
    12
    Rep Power
    448
    Thanks alot i will give that a go tomorrow

    Thanks

    Z

  9. #8

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    15,957
    Thank Post
    886
    Thanked 1,700 Times in 1,477 Posts
    Blog Entries
    12
    Rep Power
    448
    Quote Originally Posted by rob_f View Post
    Just to follow up on strawberry's remark, objects in active directory have permissions in exactly the same way that files do on NTFS volumes. If you look at the security tab on the properties of an OU (i.e. your students OU) you can see the permissions. To set the change password permission, go to advanced then add/edit the user you wish to grant the permission to and select "Apply onto: user objects" from the dropdown.

    IIRC you need to allow "change password", "reset password" and possibly one other to allow users to set the "change password on next logon" as this temporarily alters the object's password expiration settings.
    I have just done that but the same problem. I gave the staff usergroup "change password" & "reset password" rights.

  10. #9

    Join Date
    Mar 2007
    Posts
    1,769
    Thank Post
    80
    Thanked 291 Times in 222 Posts
    Rep Power
    86
    might be a silly question, but did you log off and back on again?

  11. #10

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    15,957
    Thank Post
    886
    Thanked 1,700 Times in 1,477 Posts
    Blog Entries
    12
    Rep Power
    448
    Yer, i doubt re-starting the domain controllers will do anything will it?

  12. #11
    ChrisH's Avatar
    Join Date
    Jun 2005
    Location
    East Lancs
    Posts
    5,009
    Thank Post
    120
    Thanked 282 Times in 260 Posts
    Rep Power
    108
    No it wont do anything but you can force replication under sites and services but tbh it normally replicates before you get the MMC open. Logging off and on again will renew your access token which you will need to do in this case more than likely.

  13. #12

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    15,957
    Thank Post
    886
    Thanked 1,700 Times in 1,477 Posts
    Blog Entries
    12
    Rep Power
    448
    Hi

    I have forced replication but the same problem. I have also tried loggin on then back off again.

    Thanks for your suggestions

    Z

  14. #13

    rob_f's Avatar
    Join Date
    May 2008
    Location
    Leeds
    Posts
    225
    Thank Post
    16
    Thanked 73 Times in 56 Posts
    Rep Power
    25
    To eliminate a problem with your script, install the Windows Server 2003 Administration Pack on a teacher's machine, which gives them Active Directory U&C. They should then be able to launch ADU&C and reset passwords under the OU for which you have changed the permissions, if the perms are indeed correct.


    Rob.

  15. #14

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    15,957
    Thank Post
    886
    Thanked 1,700 Times in 1,477 Posts
    Blog Entries
    12
    Rep Power
    448
    Ok i will give that a go on friday, my day off tomorrow.

    Z

  16. #15

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    15,957
    Thank Post
    886
    Thanked 1,700 Times in 1,477 Posts
    Blog Entries
    12
    Rep Power
    448
    Sorry for the slow comeback. It will only let the teacher reset the password not check the box “user must change password at next logon” I’m unsure how to allow it.

    Thanks

    Z

SHARE:
+ Post New Thread
Page 1 of 2 12 LastLast

Similar Threads

  1. Self Service Password Reset
    By plexer in forum EduGeek Self Service Password Reset
    Replies: 273
    Last Post: 5th November 2013, 06:51 PM
  2. bulk password reset
    By Jonny_sims in forum Windows
    Replies: 10
    Last Post: 26th September 2011, 10:12 PM
  3. Replies: 15
    Last Post: 28th August 2009, 09:55 AM
  4. reset admin password
    By fafster in forum Windows
    Replies: 11
    Last Post: 27th February 2008, 10:01 AM
  5. Replies: 7
    Last Post: 31st January 2008, 12:17 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •