  1. #1
    Quackers's Avatar

    Web based Password Manager?

    Anybody know of any existing web based tool to reset passwords on Active Directory accounts?

    Currently have a customised Management Console that just lists the Student OU in Active Directory and staff have permission to reset passwords for the kids.

    We're having SharePoint Server soon, so I'm wanting to make the staff portal be a one stop for any tasks they have to do. Are there any web parts out there for this, or any other web based tool that will do it?

    I've attached a screen shot of our existing program to do it, so you can see what I'm trying to achieve web based.

  2. #2

    plexer's Avatar
    Self Service Password reset has a web based tool as part of its admin pages.

    This can be made available to staff based on membership of an AD group.

    This tool will be updated hopefully soon'ish to make its functionality better because at the moment you have to type in the username perfectly.

    I wonder if Irazmus could separate this as well so it could be used as a standalone tool in its own right?

    Ben

  3. #3

    hta scripts seem to do the trick

    We found some .hta scripts that worked but we didn't use them because at the time we only had *nix web servers. I think it was on the Script Guy website.

  4. #4

    russdev's Avatar
    Hi, I removed the screenshot, as having a screenshot of student names on a public website is not a good thing.

    Feel free to post the image back up with student names removed.

    Regards

    Russell

  5. #5

    mac_shinobi's Avatar
    just want an email to this

  6. #6

    I've got a PHP script that works on 2003 domains that allows staff to reset passwords for users in a selected OU (PM me if wanted).

    Only problem is that it can't do passthru authentication, so you either need to code a generic account for resetting passwords or force the users to provide authentication details.

  7. #7

    Here's the hta script I found. Sorry can't find the original source.
    Code:
     <html>
    <head>
    <title>Simple Active Directory User Management</title>
    <script>
    window.resizeTo(347,130)
    window.moveTo(330,220)
    </script>
    <HTA:APPLICATION
    ApplicationName="UserAdm.hta"
    singleInstance="yes"
    icon="c:\windows\msagent\agentsvr.exe"
    minimizebutton="no"
    maximizebutton="no"
    border="thick"
    borderStyle="sunken"
    sysMenu="yes"
    scroll="no"
    ></HTA:APPLICATION>
    </head>
    
    <HEAD>
    <SCRIPT language="vbscript">
    Sub bt1Go_onclick()
    
    '** Declarations:'
    Dim OPR, DM, USR, strNTName, strUserDN, strNM, objUser, TNP, EROR, ABS
    Dim objNetwork, objShell, objFSO
    
    '** Objects:'
    Set objNetwork = CreateObject("WScript.Network")
    Set objShell = CreateObject("Wscript.Shell")
    Set objFSO = CreateObject("Scripting.FileSystemObject")
    
    '** User/Domain:'
    OPR = objNetwork.UserName
    DM = objNetwork.UserDomain & "\"
    
    '** Type username for the user that needs password change:'
    USR = InputBox("Username:", "Create Temporary Active Directory User Password", _
    "Write Username Here")
    
    '** Prevent run-time errors:'
    On Error Resume Next
    
    '** NameTranslate constants:'
    Const ADS_NAME_INITTYPE_GC = 3
    Const ADS_NAME_TYPE_NT4 = 3
    Const ADS_NAME_TYPE_1779 = 1
    
    '** Combine the user name and domain name:'
    strNTName = DM & USR
    strNT2 = DM & OPR
    
    '** Translate operator name into DN:'
    Set objTrans2 = CreateObject("NameTranslate")
    objTrans2.Init ADS_NAME_INITTYPE_GC, ""
    objTrans2.Set ADS_NAME_TYPE_NT4, strNT2
    strUserDN2 = objTrans2.Get(ADS_NAME_TYPE_1779)
    Set objUser2 = GetObject("LDAP://" & strUserDN2)
    strUS3 = Mid(strUserDN2,4)
    strUS4 = Split(strUS3, ",")
    For i = LBound(strUS4) to UBound(strUS4)
    strNM2 = strUS4(i)
    Exit For
    Next
    
    '** Translate username into DN:'
    Set objTrans = CreateObject("NameTranslate")
    objTrans.Init ADS_NAME_INITTYPE_GC, ""
    objTrans.Set ADS_NAME_TYPE_NT4, strNTName
    If Err <> 0 Then
    ABS = 1
    End If
    
    '** Execute if object is found:'
    If ABS <> 1 Then
    strUserDN = objTrans.Get(ADS_NAME_TYPE_1779)
    
    '** Do LDAP bind to object:'
    Set objUser = GetObject("LDAP://" & strUserDN)
    
    '** Get full name:'
    strUS1 = Mid(strUserDN,4)
    strUS2 = Split(strUS1, ",")
    For i = LBound(strUS2) to UBound(strUS2)
    strNM = strUS2(i)
    Exit For
    Next
    
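    '** Assign password and parameters:'
    '** The temporary password is "changeme" plus four characters from a generated'
    '** temp-file name, so it is guessable; pwdLastSet = 0 below forces a change at next logon.'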
    If strNM <> "" Then
    TNP = "changeme" & Mid(objFSO.GetTempName,4,4)
    objUser.SetPassword TNP
    If Err <> 0 Then
    EROR = 1
    End If
    objUser.Put "pwdLastSet", 0
    objUser.IsAccountLocked = False
    objUser.SetInfo
    End If
    
    '** If no error, show new temporary password:'
    If EROR <> 1 Then
    MsgBox "New temporary password for " & UCase(USR) & " (" & strNM & "):" & _
    vbCrLf & vbCrLf & TNP & vbCrLf, 64, "New Password, configured by " & strNM2
    End If
    
    End If
    
    '** End if object not found:'
    If ABS = 1 Then
    MsgBox UCase(USR) & " was not found. Please try again.", _
    48, "Unknown Username"
    End If
    
    '** If no permission, give message:'
    If EROR = 1 Then
    MsgBox "You can not change password for this user.", _
    48, "Permission Denied"
    '** WScript is not available inside an HTA, so leave the handler instead:'
    Exit Sub
    End If
    
    End Sub
    </SCRIPT>
    </HEAD>
    
    <HEAD>
    <SCRIPT language="vbscript">
    Sub bt2Go_onclick()
    
    '** Declarations:'
    Dim OPR, DM, USR, strNTName, strUserDN, strNM, objUser, TNP, DENY, POS, NEG
    Dim objNetwork, objShell
    
    '** Objects:'
    Set objNetwork = CreateObject("WScript.Network")
    Set objShell = CreateObject("Wscript.Shell")
    
    '** User/Domain:'
    OPR = objNetwork.UserName
    DM = objNetwork.UserDomain & "\"
    
    '** Write username for the user that needs to be enabled or disabled:'
    USR = InputBox("Username:", "Enable or Disable Active Directory User", _
    "Write Username Here")
    
    '** Prevent run-time errors:'
    On Error Resume Next
    
    '** Declare NameTranslate constants:'
    Const ADS_NAME_INITTYPE_GC = 3
    Const ADS_NAME_TYPE_NT4 = 3
    Const ADS_NAME_TYPE_1779 = 1
    
    '** Combine the user name and domain name:'
    strNTName = DM & USR
    strNT2 = DM & OPR
    
    '** Translate operator name into DN:'
    Set objTrans2 = CreateObject("NameTranslate")
    objTrans2.Init ADS_NAME_INITTYPE_GC, ""
    objTrans2.Set ADS_NAME_TYPE_NT4, strNT2
    strUserDN2 = objTrans2.Get(ADS_NAME_TYPE_1779)
    Set objUser2 = GetObject("LDAP://" & strUserDN2)
    strUS3 = Mid(strUserDN2,4)
    strUS4 = Split(strUS3, ",")
    For i = LBound(strUS4) to UBound(strUS4)
    strNM2 = strUS4(i)
    Exit For
    Next
    
    '** Translate name into DN:'
    Set objTrans = CreateObject("NameTranslate")
    objTrans.Init ADS_NAME_INITTYPE_GC, ""
    objTrans.Set ADS_NAME_TYPE_NT4, strNTName
    strUserDN = objTrans.Get(ADS_NAME_TYPE_1779)
    
    '** Do LDAP bind to object:'
    Set objUser = GetObject("LDAP://" & strUserDN)
    
    '** Get full name:'
    strUS1 = Mid(strUserDN,4)
    strUS2 = Split(strUS1, ",")
    For i = LBound(strUS2) to UBound(strUS2)
    strNM = strUS2(i)
    Exit For
    Next
    
    '** If no error, enable or disable user:'
    If Err = 0 Then
    Const ADS_UF_ACCOUNTDISABLE = 2
    intUAC = objUser.Get("userAccountControl")
    objUser.Put "userAccountControl", intUAC XOR ADS_UF_ACCOUNTDISABLE
    objUser.SetInfo
    If intUAC AND ADS_UF_ACCOUNTDISABLE Then
    POS = 1
    Else
    NEG = 1
    End If
    Else
    objShell.Popup UCase(USR) & " was not found. Please try again.", _
    5, "Unknown Username", 48
    '** WScript is not available inside an HTA, so leave the handler instead:'
    Exit Sub
    End If
    
    '** If no permission, give message:'
    If Err = "-2147024891" Then
    DENY = 1
    objShell.Popup "You can not enable or disable this user.", _
    5, "Permission Denied", 48
    '** WScript is not available inside an HTA, so leave the handler instead:'
    Exit Sub
    End If
    
    '** If no error, show result:'
    If DENY <> 1 Then
    If POS = 1 Then
    MsgBox UCase(USR) & " were successfully enabled.", _
    64, "User enabled by " & strNM2
    End If
    
    If NEG = 1 Then
    MsgBox UCase(USR) & " were successfully disabled.", _
    64, "User disabled by " & strNM2
    End If
    End If
    
    End Sub
    </SCRIPT>
    </HEAD>
    
    <body bgcolor="#003366">
    <table border="1" id="table1" bgcolor="#EEEEEE" bordercolorlight="#C0C0C0" bordercolordark="#666699" bordercolor="#C0C0C0">
    <tr>
    <td width="266"><b><font face="Verdana" size="2" color="#800000">Change User Password</font></b></td>
    <td align="center"><input type="button" value=" " name="bt1Go"></td>
    </tr>
    <tr>
    <td width="266"><b><font face="Verdana" size="2" color="#800000">Enable or Disable User</font></b></td>
    <td align="center"><input type="button" value=" " name="bt2Go"></td>
    </tr>
    </table>
    </body>
    </html>
    Last edited by cjohnsonuk; 5th September 2008 at 09:33 AM. Reason: added code tags

  8. Thanks to cjohnsonuk from:

    Sylv3r (5th September 2008)

  9. #8

    Domino's Avatar
    cool, nice little script.

    however if you put code in the CODE tags (see the post editor) you can put it in a frame to take up less room.

  10. #9

    Sylv3r's Avatar
    Thanks cjohnsonuk, that could be useful.

  11. #10

    next steps

    Next step I want to do is extend the web page the script creates so that they can type in search options (eg surname, first name, year or form) then click submit and it shows a list of student accounts from the AD that match the above. I'll probably use "location" for the class/form field and populate that in AD from an export in sims.

    I'd also like it to check when the password was last reset. We're planning on keeping that and "misdemeanors" stored in the notes part of the AD so that staff will get notification of "previous form" before confirming the password reset. Then once confirmed a new record/line for that password reset will be made in the notes field to try and stop time wasters or at least identify them.


    ChrisJ
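
The reset-and-log workflow discussed in posts #7 and #10, as an added PowerShell example that is not code from the thread or from any poster: it escapes the typed username before it goes into an LDAP filter, only finds accounts under the student OU, uses a random temporary password instead of a fixed prefix, and appends an audit line to the notes (`info`) attribute. Assumptions: the RSAT ActiveDirectory module is installed, the staff member runs it with their own delegated rights, and the OU distinguished name and the function names are placeholders.

```powershell
# Added example, not code from the thread. Needs the RSAT ActiveDirectory module.
Import-Module ActiveDirectory
$StudentOU = 'OU=Students,DC=example,DC=org'   # placeholder DN (assumption)

function ConvertTo-LdapFilterValue([string]$Value) {
    # RFC 4515 escaping, so a typed username cannot rewrite the search filter
    $sb = New-Object System.Text.StringBuilder
    foreach ($c in $Value.ToCharArray()) {
        if ('\*()'.IndexOf($c) -ge 0 -or [int]$c -eq 0) { [void]$sb.AppendFormat('\{0:x2}', [int]$c) }
        else { [void]$sb.Append($c) }
    }
    $sb.ToString()
}

function New-TempPassword([int]$Length = 12) {
    # Every character comes from the OS cryptographic RNG; look-alike characters are left out
    $alphabet = 'abcdefghjkmnpqrstuvwxyzABCDEFGHJKMNPQRSTUVWXYZ23456789'
    $limit = 256 - (256 % $alphabet.Length)      # reject bytes at or above this to avoid modulo bias
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $buf = New-Object byte[] 1
    do {
        $pw = ''
        while ($pw.Length -lt $Length) {
            $rng.GetBytes($buf)
            if ($buf[0] -lt $limit) { $pw += $alphabet[$buf[0] % $alphabet.Length] }
        }
    } until ($pw -cmatch '[a-z]' -and $pw -cmatch '[A-Z]' -and $pw -cmatch '[0-9]')  # AD complexity
    $pw
}

function Reset-StudentPassword([string]$SamAccountName) {
    $safe = ConvertTo-LdapFilterValue $SamAccountName
    $filter = '(&(objectCategory=person)(objectClass=user)(sAMAccountName={0}))' -f $safe
    # SearchBase confines the lookup to the student OU, whatever rights the caller holds elsewhere
    $found = @(Get-ADUser -LDAPFilter $filter -SearchBase $StudentOU -Properties info, PasswordLastSet)
    if ($found.Count -ne 1) { throw "No single student account matches '$SamAccountName'." }
    $user = $found[0]
    Write-Host "Password last set: $($user.PasswordLastSet)`nNotes so far:`n$($user.info)"
    $temp = New-TempPassword
    Set-ADAccountPassword -Identity $user -Reset -NewPassword (ConvertTo-SecureString $temp -AsPlainText -Force)
    Set-ADUser -Identity $user -ChangePasswordAtLogon $true
    Unlock-ADAccount -Identity $user
    # Append one audit line per reset to the notes ("info") attribute
    $line = '{0:u} password reset by {1}' -f (Get-Date).ToUniversalTime(), $env:USERNAME
    Set-ADUser -Identity $user -Replace @{ info = (@($user.info, $line) | Where-Object { $_ }) -join "`r`n" }
    $temp   # returned so the caller can show it once to the member of staff
}
```

If this runs behind a web page under a shared service account, as post #6 describes, `$env:USERNAME` records that account rather than the member of staff, so the audit line would need the authenticated web user's name passed in instead.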
