Hi,
I kept it when posted... here it is

Forest wide DSRM password reset script / Dean Wells / MSEtechnology / Jun. 2005

Thanks Dean for the tool BTW. 




> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:ActiveDir-[EMAIL PROTECTED] On Behalf Of Hunter, Laura E.
> Sent: Friday, August 05, 2005 1:41 PM
> To: ActiveDir@mail.activedir.org
> Subject: RE: [ActiveDir] Changing a authoritative restore password on a DC
> 
> Dean sent a script to the list awhile ago that will change it for all
> DCs...
> 
> ...
> 
> *digs around* I know it's here somewhere.
> 
> 
> Hah!
> 
> 
> 
> > -----Original Message-----
> > From: Medeiros, Jose [mailto:[EMAIL PROTECTED]
> > Sent: Friday, August 05, 2005 1:30 PM
> > To: ActiveDir@mail.activedir.org
> > Subject: [ActiveDir] Changing a authoritative restore password on a DC
> >
> > Greetings,
> >
> > Quick question, does any one ever change their initial
> > password used when they installed Active Directory? If so do
> > you use a third party tool to automate the password change
> > across all the controllers or is this some thing that is
> > easily scriptable?
> >
> >
> >
> > Sincerely,
> >
> > Jose Medeiros
> > 408-449-6621 Cell

:: Forest wide DSRM password reset script / Dean Wells / MSEtechnology / Jun. 2005

:: Script determines all DCs within a specified forest and resets their DSRM password to the supplied value
::      - script depends upon SETPWD.EXE found ONLY in Windows 2000

@echo off

if "%1"=="SPAWNRESET" goto :SPAWNRESET
if "%2"=="" goto :HELP
if "%2"=="/?" goto :HELP
if not "%3"=="" goto :HELP

setlocal ENABLEDELAYEDEXPANSION

cls
echo/

:: Locate critical executables
for %%e in (setpwd.exe ldifde.exe find.exe mode.com) do (
        set where="%%~$PATH:e"
        if "!where!"=="""" (
                echo ERROR - Required executable, "%%e", not located within the path
                goto :EOF
        )
)

set DSADNS=
set FQDN=%1
set ROOT=dc=%fqdn:.=,dc=%
set PWD=%2

echo STATUS - Attempting DSRM reset on all DCs within Forest "%FQDN%" ...
echo/

echo    * Running on %COMPUTERNAME%
echo    * Obtaining list of Domain Controllers from "%ROOT%"
echo/

ldifde -j %TEMP% -s %FQDN% -d cn=configuration,%ROOT% -r (objectClass=server) -l dnshostname -f %TEMP%\servers.log >nul

if errorlevel 1 (
        echo ERROR - LDAP query failed enumerating list of Domain Controllers
        goto :EOF
)

title DSRM forest-wide password reset ...

:: Parse the servers and trigger all processes
for /f "tokens=2 delims=: " %%h in ('type %TEMP%\servers.log ^| find /i "dnshostname: "') do (
        set DSADNS=%%h
        if not "!DSADNS!"=="" (
                call :SPAWNRESET !DSADNS!
        )
)

:: All done
echo/
echo STATUS - Process complete.

title Command Prompt

goto :EOF

:SPAWNRESET
set /p =        - !DSADNS! ... <nul
setpwd /s:%1 /p:%PWD% >nul
if not errorlevel 1 (
        echo SUCCEEDED
) else (
        echo FAILED^!
)
goto :EOF

:HELP
echo/
echo SYNTAX - %0 ^<Forest Root FQDN^> ^<DSRM password^>
echo/
echo PURPOSE - Script determines all DCs in the supplied forest and 
echo           resets their DSRM password to the supplied value.
echo/
echo           * Requires Windows 2000 SETPWD.EXE within path
echo           * Requires sufficient security context
goto :EOF
