Why not just create a custom MMC in author mode that only allows ADUC to set password, nothing else. It is possible to do. - Marc
_-_-_-_-_-_-_-_-_- -"During times of universal deceit, telling the truth becomes a revolutionary act." - George Orwell, 1984 _-_-_-_-_-_-_-_-_- Marc A. Mapplebeck, MCP/MCDST/N+/A+/CNA Owner, Shutterbug Productions & Consulting IT Manager, City Animal Hospital Ltd. MCP#: 3146827 CompTIA#: COMP001002835054 [EMAIL PROTECTED] [EMAIL PROTECTED] _-_-_-_-_-_-_-_-_- P: 506-471-7044 ICQ: 26743793 Yahoo!: mmapplebeck MSN: [EMAIL PROTECTED] _-_-_-_-_-_-_-_-_- This e-mail communication (including any or all attachments) is intended only for the use of the person or entity to which it is addressed and may contain confidential and/or privileged material. If you are not the intended recipient of this e-mail, any use, review, retransmission, distribution, dissemination, copying, printing, or other use of, or taking of any action in reliance upon this e-mail, is strictly prohibited. If you have received this e-mail in error, please contact the sender and delete the original and any copy of this e-mail and any printout thereof, immediately. Your co-operation is appreciated. Le présent courriel (y compris toute pièce jointe) s'adresse uniquement à son destinataire, qu'il soit une personne ou un organisme, et pourrait comporter des renseignements privilégiés ou confidentiels. Si vous n'êtes pas le destinataire du courriel, il est interdit d'utiliser, de revoir, de retransmettre, de distribuer, de disséminer, de copier ou d'imprimer ce courriel, d'agir en vous y fiant ou de vous en servir de toute autre façon. Si vous avez reçu le présent courriel par erreur, prière de communiquer avec l'expéditeur et d'éliminer l'original du courriel, ainsi que toute copie électronique ou imprimée de celui-ci, immédiatement. Nous sommes reconnaissants de votre collaboration. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Oliver Marshall Sent: April 12, 2006 04:46 To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Changing a users password Net user command only works if you have full admin rights. I've google'd till 2am this morning, haven't found any free script that doesn't use the DN. Cant use ADUC as I'm afraid that, if they see what info they *could* change, that it will snowball and they will want to change it all. The whole reason for this is that I am out of the office more and more and users here have a massive issue with passwords. At the moment they right them down on a pad on the "receptionists" desk (I say receptionist, but this lady has been here longer than the earth has been turning, and I would rather she could generate a new random password with "change on next logon" for all the users in a given OU than have the passwords written on a pad on someones desk, admin users are in a diff OU). I'll keep hunting. Thanks for the help anyway. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ulf B. Simon-Weidner Sent: 12 April 2006 07:01 To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Changing a users password Hi Oliver, First of all the receptionist needs to be delegated the rights to reset users passwords, as well as being made aware of the consequences (local credential cache of the users f.e.). To reset the password you can use commands like "net user username password /domain" or you can use AD-Tools like ADUC, "dsquery user domainroot -name whatever | dsmod -pwd newpass -mustchangepwd yes", or you can create your own script which searches for the user and changes password after asking for approval. Www.microsoft.com/technet/scriptcenter provides the examples you have to glue together for this. Gruesse - Sincerely, Ulf B. Simon-Weidner MVP-Book "Windows XP - Die Expertentipps": http://tinyurl.com/44zcz Weblog: http://msmvps.org/UlfBSimonWeidner Website: http://www.windowsserverfaq.org Profile: http://mvp.support.microsoft.com/profile=35E388DE-4885-4308-B489-F2F1214 C811 D |-----Original Message----- |From: [EMAIL PROTECTED] |[mailto:[EMAIL PROTECTED] On Behalf Of Oliver |Marshall |Sent: Wednesday, April 12, 2006 1:56 AM |To: ActiveDir@mail.activedir.org |Subject: [ActiveDir] Changing a users password | |Hi, | |I want to create a script that will allow a user here to change the |password of any other user. | |I have found several examples, most based on the examples on the MS |site. Thing is, they all depend on knowing the Distinguished Name of |the user, and the poor old receptionist wont have a clue what that is. | |Can anyone help me with a script that will change the password of a |user just knowing the username of the user ? At the least I'm after |some code to find the DN of a user from their username, and I can then |use that with the code I already have (I think). | | |Thanks | |Olly |List info : http://www.activedir.org/List.aspx |List FAQ : http://www.activedir.org/ListFAQ.aspx |List archive: |http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
