I have the following script that pulls usernames from a text file and changes the password, flags it to be changed, then removes it from a group. The last to steps work great, but the change password only works on the first user account, then returns 438 errors. Any ideas on how to remedy this?
*********************************************************
on Error Resume Next
Const ForReading = 1
Const ADS_PROPERTY_DELETE = 4
Const ADS_NAME_TYPE_NT4 = 3
Const ADS_NAME_TYPE_1779 = 1
Const User_Not_Found = -2147022675 'Error number for user not found
Const User_Not_Found2 = 424 'Error number for user not found
Const User_Not_Found3 = 91 'Error number for user not found
Const User_Not_Found4 = -2147467259 'Error number for user not found
Const User_Not_Found1 = -2147016651 'Automation error. The server is unwilling to process the request.
Const User_Not_Found5 = -2147022651 'Complicated password required.
Dim objNet
Dim ifso,MyFile2
Dim fso,MyFile,strContent
Dim Lines,j
Dim strPassword,strMessage,strTitle
Dim objRootDSE, strDNSDomain, objCommand, objConnection
Dim strBase, strFilter, strAttributes, strQuery, objRecordSet
Dim strGN, strDisplay, strLast, strLN, strDN
Dim MyArr
' Determine DNS domain name.
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("defaultNamingContext")
' Use ADO to search Active Directory.
Set objCommand = CreateObject("ADODB.Command")
Set objConnection = CreateObject("ADODB.Connection")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
objCommand.ActiveConnection = objConnection
strBase = "<LDAP://" & strDNSDomain & ">"
'Change this to the Netbios Domain Name
strNetBiOSDomain = "AMTEST"
'*************************************************
' Prompt for Password *
'*************************************************
Set WSHShell = Wscript.CreateObject("Wscript.Shell")
strMessage = "Please enter the name of the file containing the usernames. Do not use the extention (i.e. .txt)"
strTitle = "File Name Input"
strUserFile = InputBox(strMessage,strTitle,"textfile", 5000, 2000)
'*********************************************
'Open file containing AD usernames *
'*********************************************
Set fso = CreateObject("Scripting.FileSystemObject")
Set MyFile = fs
penTextFile("C:\Migration Scripts\Input\" & strUserFile & ".txt", ForReading)
strContent = MyFile.ReadAll
MyFile.Close
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objTextFile = objFSO.OpenTextFile ("C:\Migration Scripts\Input\" & strUserFile & ".txt", 1)
'*****************************
'Create success/fail log file*
'*****************************
Set ifso = CreateObject("Scripting.FileSystemObject")
Set MyFile2 = ifso.CreateTextFile("C:\Migration Scripts\Logs\" & strUserFile & ".log", True)
'*************************************************
' Prompt for Password *
'*************************************************
Set WSHShell = Wscript.CreateObject("Wscript.Shell")
strMessage = "Please enter the new Password for all Users"
strTitle = "Password Input"
strPassword = InputBox(strMessage,strTitle,"Enter Password", 5000, 2000)
'************************
'Extract items from list*
'************************
Lines = split(strContent, vbCrLf)
For j = 0 to UBound(Lines)
strUser = Lines(j)
MyFile2.WriteLine(strUser)
Set objUser = GetObject ("WinNT://amtest/" & strUser & ",user")
objUser.SetPassword strPassword
objUser.SetInfo
'*******************************************************
'Record results to log file *
'*******************************************************
If Err.Number <> 0 Then
Select Case Err.Number
Case User_Not_Found
MyFile2.WriteLine(vbTab & "Error: User does not exist!")
Case User_Not_Found2
MyFile2.WriteLine(vbTab & "Error: User does not exist!")
Case User_Not_Found1
MyFile2.WriteLine(vbTab & "Error: The server is unwilling to process the request.")
Case User_Not_Found5
WScript.Echo(vbTab & "Please restart script and use a proper password.")
MyFile2.Close
WScript.Quit
Case Else
MyFile2.WriteLine(vbTab & "Please Change password manually Error#: " & Err.Number)
End Select 'Error types
End If
if Err.Number = 0 then
MyFile2.WriteLine(vbTab & "Password has been changed to " & strPassword & vbTab & Time & " " & Date)
End If
Err.Clear
'*******************************************************
'Makes the user change Password at first logon *
'*******************************************************
' Use the NameTranslate object to convert the NT user name to the
' Distinguished Name required for the LDAP provider.
Set objTrans = CreateObject("NameTranslate")
objTrans.Set ADS_NAME_TYPE_NT4, strNetBiOSDomain & "\" & strUser
strUserDN = objTrans.Get(ADS_NAME_TYPE_1779)
' Bind to the user object in Active Directory with the LDAP provider.
'On Error Resume Next
Set objUser = GetObject("LDAP://" & strUserDN)
objUser.Put "pwdLastSet", 0
objUser.SetInfo
objUser.Put "userAccountControl", 544
objUser.SetInfo
'*******************************************************
'Record results to log file *
'*******************************************************
If Err.Number <> 0 Then
Select Case Err.Number
Case User_Not_Found
MyFile2.WriteLine(vbTab & "Error: User does not exist!")
Case User_Not_Found2
MyFile2.WriteLine(vbTab & "Error: User does not exist!")
Case User_Not_Found4
MyFile2.WriteLine(vbTab & "Error: User does not exist!")
Case Else
MyFile2.WriteLine(vbTab & "Please manually flag for password reset. Error#: " & Err.Number)
End Select 'Error types
End If
if Err.Number = 0 then
MyFile2.WriteLine(vbTab & "Must change password at next logon" & vbTab & Time & " " & Date)
End If
Err.Clear
'*******************************************************************
'Remove User account from group:CSC.CAM.GBL.TEMP_MIGRATION_ADMINS
'*******************************************************************
Set objGroup = GetObject ("LDAP://cn=CSC.CAM.GBL.TEMP_MIGRATION_ADMINS,ou=Groups,ou=CAM,ou=CSC,ou=US,dc=amtest,dc=cpbtest,dc=com")
objGroup.Remove ("LDAP://" & strUserDN)
If Err.Number <> 0 Then
Select Case Err.Number
Case User_Not_Found
MyFile2.WriteLine(vbTab & "Error: User does not exist!")
Case User_Not_Found2
MyFile2.WriteLine(vbTab & "Error: User does not exist!")
Case User_Not_Found3
MyFile2.WriteLine(vbTab & "Error: User does not exist!")
Case User_Not_Found1
MyFile2.WriteLine(vbTab & "User was not in the Group!")
Case Else
MyFile2.WriteLine(vbTab & "Please manually remove from group. Error#: " & Err.Number)
End Select 'Error types
End If
if Err.Number = 0 then
MyFile2.WriteLine(vbTab & "Has been removed from group: CSC.GBL.TEMP_MIGRATION_ADMINS")
End If
Err.Clear
MyFile2.WriteLine(vcrLF)
' Clean up.
objRootDSE.Clear
objTrans.Clear
objUser.Clear
objGroup.Clear
Err.number.Clear
strUserDN.Clear
strUser.Clear
WSHShell.clear
next
MyFile2.Close
WScript.Echo "Results have been written to C:\Migration Scripts\Logs\" & strUserFile & ".log"
'**************
'Open Log file*
'**************
Set WshShell = CreateObject("WScript.Shell")
Set oExec = WshShell.Exec("Notepad.exe C:\Migration Scripts\Logs\" & strUserFile & ".log")
strContent.clear
Lines.clear
j.clear
WSHShell.clear
WScript.Quit
Vince Grice
MCSE Win2K, NT; MCSA; MCP+I
I not only use all the brains I have, but all I can borrow.
- Woodrow Wilson
*********************************************************
on Error Resume Next
Const ForReading = 1
Const ADS_PROPERTY_DELETE = 4
Const ADS_NAME_TYPE_NT4 = 3
Const ADS_NAME_TYPE_1779 = 1
Const User_Not_Found = -2147022675 'Error number for user not found
Const User_Not_Found2 = 424 'Error number for user not found
Const User_Not_Found3 = 91 'Error number for user not found
Const User_Not_Found4 = -2147467259 'Error number for user not found
Const User_Not_Found1 = -2147016651 'Automation error. The server is unwilling to process the request.
Const User_Not_Found5 = -2147022651 'Complicated password required.
Dim objNet
Dim ifso,MyFile2
Dim fso,MyFile,strContent
Dim Lines,j
Dim strPassword,strMessage,strTitle
Dim objRootDSE, strDNSDomain, objCommand, objConnection
Dim strBase, strFilter, strAttributes, strQuery, objRecordSet
Dim strGN, strDisplay, strLast, strLN, strDN
Dim MyArr
' Determine DNS domain name.
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("defaultNamingContext")
' Use ADO to search Active Directory.
Set objCommand = CreateObject("ADODB.Command")
Set objConnection = CreateObject("ADODB.Connection")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
objCommand.ActiveConnection = objConnection
strBase = "<LDAP://" & strDNSDomain & ">"
'Change this to the Netbios Domain Name
strNetBiOSDomain = "AMTEST"
'*************************************************
' Prompt for Password *
'*************************************************
Set WSHShell = Wscript.CreateObject("Wscript.Shell")
strMessage = "Please enter the name of the file containing the usernames. Do not use the extention (i.e. .txt)"
strTitle = "File Name Input"
strUserFile = InputBox(strMessage,strTitle,"textfile", 5000, 2000)
'*********************************************
'Open file containing AD usernames *
'*********************************************
Set fso = CreateObject("Scripting.FileSystemObject")
Set MyFile = fs
penTextFile("C:\Migration Scripts\Input\" & strUserFile & ".txt", ForReading)strContent = MyFile.ReadAll
MyFile.Close
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objTextFile = objFSO.OpenTextFile ("C:\Migration Scripts\Input\" & strUserFile & ".txt", 1)
'*****************************
'Create success/fail log file*
'*****************************
Set ifso = CreateObject("Scripting.FileSystemObject")
Set MyFile2 = ifso.CreateTextFile("C:\Migration Scripts\Logs\" & strUserFile & ".log", True)
'*************************************************
' Prompt for Password *
'*************************************************
Set WSHShell = Wscript.CreateObject("Wscript.Shell")
strMessage = "Please enter the new Password for all Users"
strTitle = "Password Input"
strPassword = InputBox(strMessage,strTitle,"Enter Password", 5000, 2000)
'************************
'Extract items from list*
'************************
Lines = split(strContent, vbCrLf)
For j = 0 to UBound(Lines)
strUser = Lines(j)
MyFile2.WriteLine(strUser)
Set objUser = GetObject ("WinNT://amtest/" & strUser & ",user")
objUser.SetPassword strPassword
objUser.SetInfo
'*******************************************************
'Record results to log file *
'*******************************************************
If Err.Number <> 0 Then
Select Case Err.Number
Case User_Not_Found
MyFile2.WriteLine(vbTab & "Error: User does not exist!")
Case User_Not_Found2
MyFile2.WriteLine(vbTab & "Error: User does not exist!")
Case User_Not_Found1
MyFile2.WriteLine(vbTab & "Error: The server is unwilling to process the request.")
Case User_Not_Found5
WScript.Echo(vbTab & "Please restart script and use a proper password.")
MyFile2.Close
WScript.Quit
Case Else
MyFile2.WriteLine(vbTab & "Please Change password manually Error#: " & Err.Number)
End Select 'Error types
End If
if Err.Number = 0 then
MyFile2.WriteLine(vbTab & "Password has been changed to " & strPassword & vbTab & Time & " " & Date)
End If
Err.Clear
'*******************************************************
'Makes the user change Password at first logon *
'*******************************************************
' Use the NameTranslate object to convert the NT user name to the
' Distinguished Name required for the LDAP provider.
Set objTrans = CreateObject("NameTranslate")
objTrans.Set ADS_NAME_TYPE_NT4, strNetBiOSDomain & "\" & strUser
strUserDN = objTrans.Get(ADS_NAME_TYPE_1779)
' Bind to the user object in Active Directory with the LDAP provider.
'On Error Resume Next
Set objUser = GetObject("LDAP://" & strUserDN)
objUser.Put "pwdLastSet", 0
objUser.SetInfo
objUser.Put "userAccountControl", 544
objUser.SetInfo
'*******************************************************
'Record results to log file *
'*******************************************************
If Err.Number <> 0 Then
Select Case Err.Number
Case User_Not_Found
MyFile2.WriteLine(vbTab & "Error: User does not exist!")
Case User_Not_Found2
MyFile2.WriteLine(vbTab & "Error: User does not exist!")
Case User_Not_Found4
MyFile2.WriteLine(vbTab & "Error: User does not exist!")
Case Else
MyFile2.WriteLine(vbTab & "Please manually flag for password reset. Error#: " & Err.Number)
End Select 'Error types
End If
if Err.Number = 0 then
MyFile2.WriteLine(vbTab & "Must change password at next logon" & vbTab & Time & " " & Date)
End If
Err.Clear
'*******************************************************************
'Remove User account from group:CSC.CAM.GBL.TEMP_MIGRATION_ADMINS
'*******************************************************************
Set objGroup = GetObject ("LDAP://cn=CSC.CAM.GBL.TEMP_MIGRATION_ADMINS,ou=Groups,ou=CAM,ou=CSC,ou=US,dc=amtest,dc=cpbtest,dc=com")
objGroup.Remove ("LDAP://" & strUserDN)
If Err.Number <> 0 Then
Select Case Err.Number
Case User_Not_Found
MyFile2.WriteLine(vbTab & "Error: User does not exist!")
Case User_Not_Found2
MyFile2.WriteLine(vbTab & "Error: User does not exist!")
Case User_Not_Found3
MyFile2.WriteLine(vbTab & "Error: User does not exist!")
Case User_Not_Found1
MyFile2.WriteLine(vbTab & "User was not in the Group!")
Case Else
MyFile2.WriteLine(vbTab & "Please manually remove from group. Error#: " & Err.Number)
End Select 'Error types
End If
if Err.Number = 0 then
MyFile2.WriteLine(vbTab & "Has been removed from group: CSC.GBL.TEMP_MIGRATION_ADMINS")
End If
Err.Clear
MyFile2.WriteLine(vcrLF)
' Clean up.
objRootDSE.Clear
objTrans.Clear
objUser.Clear
objGroup.Clear
Err.number.Clear
strUserDN.Clear
strUser.Clear
WSHShell.clear
next
MyFile2.Close
WScript.Echo "Results have been written to C:\Migration Scripts\Logs\" & strUserFile & ".log"
'**************
'Open Log file*
'**************
Set WshShell = CreateObject("WScript.Shell")
Set oExec = WshShell.Exec("Notepad.exe C:\Migration Scripts\Logs\" & strUserFile & ".log")
strContent.clear
Lines.clear
j.clear
WSHShell.clear
WScript.Quit
Vince Grice
MCSE Win2K, NT; MCSA; MCP+I
I not only use all the brains I have, but all I can borrow.
- Woodrow Wilson
