Hi,

I kept it when posted... here it is

Forest wide DSRM password reset script / Dean Wells / MSEtechnology / Jun. 2005

Thanks Dean for the tool BTW.

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:ActiveDir-[EMAIL PROTECTED] On behalf of Hunter, Laura E.
> Sent: Friday, August 05, 2005 1:41 PM
> To: ActiveDir@mail.activedir.org
> Subject: RE: [ActiveDir] Changing a authoritative restore password on a DC
>
> Dean sent a script to the list a while ago that will change it for all
> DCs...
>
> ...
>
> *digs around* I know it's here somewhere.
>
> Hah!
>
> > -----Original Message-----
> > From: Medeiros, Jose [mailto:[EMAIL PROTECTED]
> > Sent: Friday, August 05, 2005 1:30 PM
> > To: ActiveDir@mail.activedir.org
> > Subject: [ActiveDir] Changing a authoritative restore password on a DC
> >
> > Greetings,
> >
> > Quick question, does anyone ever change their initial
> > password used when they installed Active Directory? If so do
> > you use a third party tool to automate the password change
> > across all the controllers or is this something that is
> > easily scriptable?
> >
> > Sincerely,
> >
> > Jose Medeiros
> > 408-449-6621 Cell
> >
> > List info : http://www.activedir.org/List.aspx
> > List FAQ : http://www.activedir.org/ListFAQ.aspx
> > List archive:
> > http://www.mail-archive.com/activedir%40mail.activedir.org/
:: Forest wide DSRM password reset script / Dean Wells / MSEtechnology / Jun. 2005
:: Script determines all DCs within a specified forest and resets their DSRM password to the supplied value
:: - script depends upon SETPWD.EXE found ONLY in Windows 2000

@echo off

if "%1"=="SPAWNRESET" goto :SPAWNRESET
if "%2"=="" goto :HELP
if "%2"=="/?" goto :HELP
if not "%3"=="" goto :HELP

setlocal ENABLEDELAYEDEXPANSION
cls
echo/

:: Locate critical executables
for %%e in (setpwd.exe ldifde.exe find.exe mode.com) do (
  set where="%%~$PATH:e"
  if "!where!"=="""" (
    echo ERROR - Required executable, "%%e", not located within the path
    goto :EOF
  )
)

set DSADNS=
set FQDN=%1
set ROOT=dc=%fqdn:.=,dc=%
set PWD=%2

echo STATUS - Attempting DSRM reset on all DCs within Forest "%FQDN%" ...
echo/
echo * Running on %COMPUTERNAME%
echo * Obtaining list of Domain Controllers from "%ROOT%"
echo/

ldifde -j %TEMP% -s %FQDN% -d cn=configuration,%ROOT% -r (objectClass=server) -l dnshostname -f %TEMP%\servers.log >nul
if errorlevel 1 (
  echo ERROR - LDAP query failed enumerating list of Domain Controllers
  goto :EOF
)

title DSRM forest-wide password reset ...

:: Parse the servers and trigger all processes
for /f "tokens=2 delims=: " %%h in ('type %TEMP%\servers.log ^| find /i "dnshostname: "') do (
  set DSADNS=%%h
  if not "!DSADNS!"=="" (
    call :SPAWNRESET !DSADNS!
  )
)

:: All done
echo/
echo STATUS - Process complete.
title Command Prompt
goto :EOF

:SPAWNRESET
set /p = - !DSADNS! ... <nul
setpwd /s:%1 /p:%PWD% >nul
if not errorlevel 1 (
  echo SUCCEEDED
) else (
  echo FAILED^!
)
goto :EOF

:HELP
echo/
echo SYNTAX - %0 ^<Forest Root FQDN^> ^<DSRM password^>
echo/
echo PURPOSE - Script determines all DCs in the supplied forest and
echo resets their DSRM password to the supplied value.
echo/
echo * Requires Windows 2000 SETPWD.EXE within path
echo * Requires sufficient security context
goto :EOF
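
An added example, not part of the original post or of Dean Wells' script: the enumeration step done with an LDIF parser in Python rather than `find` and `for /f`. It goes beyond the script by handling folded lines and base64 (`::`) values and by reporting server objects that carry no dNSHostName, which the batch loop silently skips. The example.com names and the sample export are constructed, and the function names are hypothetical.

```python
import base64

# Constructed sample in the shape of the script's ldifde export (example.com is a placeholder).
SAMPLE_LDIF = """\
dn: CN=DC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=
 example,DC=com
changetype: add
dNSHostName: dc01.example.com

dn: CN=OLDDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
changetype: add

dn: CN=DC02,CN=Servers,CN=Branch,CN=Sites,CN=Configuration,DC=example,DC=com
changetype: add
dNSHostName:: ZGMwMi5leGFtcGxlLmNvbQ==
"""


def parse_entries(text):
    """Yield one {attribute: value} dict per entry; attribute names are lower-cased."""
    # Unfold first: in LDIF a line starting with one space continues the previous line.
    lines = text.replace("\r\n", "\n").replace("\n ", "").split("\n")
    entry = {}
    for line in lines + [""]:  # trailing blank flushes the last entry
        if not line.strip():
            if entry:
                yield entry
            entry = {}
        elif not line.startswith("#"):
            name, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: value" is base64-encoded
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            entry[name.strip().lower()] = value.strip()


def dc_hostnames(text):
    """Return (unique hostnames, DNs of server objects that carry no dNSHostName)."""
    hosts, missing = [], []
    for entry in parse_entries(text):
        host = entry.get("dnshostname", "").lower()
        if not host:
            missing.append(entry.get("dn", ""))
        elif host not in hosts:
            hosts.append(host)
    return hosts, missing
```

The second list is worth reviewing before a reset run, since those server objects will never be contacted and will keep whatever DSRM password they had.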