[windows2000] Re: Resetting Password Expiration
- From: "Sullivan, Glenn" <GSullivan@xxxxxxxxxxxxxx>
- To: <windows2000@xxxxxxxxxxxxx>
- Date: Fri, 21 May 2004 14:43:16 -0400
I would remove the "On errors resume next" line if you want it to generate
errors.
Add this line:
wscript.echo objuser.name & " Has just been changed"
after the .setinfo line, and you will get a listing on the screen every time
that a user is modified...
As to "see"ing the changes, make a script called "replicatenow" and paste in
this code:
<------start indented code------------>
Option Explicit
Dim objRootDSE, objOU, comDLL
Dim strDomainName
Dim objDomainController, objDomainController2
Dim intResult
Set objRootDSE = GetObject("LDAP://rootDSE";)
strDomainName = objRootDSE.Get("defaultNamingContext")
wscript.echo "Beginning Synch for " & strDomainName
WScript.Echo "---------------------------------------------------"
WScript.Echo
Set objOU = GetObject("LDAP://OU=Domain Controllers," & strDomainName)
Set comDLL = CreateObject("IADsTools.DCFunctions")
For Each objDomainController In objOU
For Each objDomainController2 In objOU
If objDomainController.cn <> objDomainController2.cn Then
WScript.echo " Requesting Synch between " &
objDomainController.cn & " and " & objDomainController2.cn
intResult =
comDLL.ReplicaSync(CStr(objDomainController.cn), CStr(strDomainName),
CStr(objDomainController2.cn))
If intResult=0 Then
wscript.echo " Completed successfully."
Else
wscript.echo " Failed " &
comDLL.LastErrorText
End If
WScript.Echo
End If
Next
Next
<--------End indented code------------->
Since I know that is going to get borked up by line wraps:
<------start unindented code------------>
1. Option Explicit
2. Dim objRootDSE, objOU, comDLL
3. Dim strDomainName
4. Dim objDomainController, objDomainController2
5. Dim intResult
6. Set objRootDSE = GetObject("LDAP://rootDSE";)
7. strDomainName = objRootDSE.Get("defaultNamingContext")
8. wscript.echo "Beginning Synch for " & strDomainName
9. WScript.Echo "---------------------------------------------------"
10. WScript.Echo
11. Set objOU = GetObject("LDAP://OU=Domain Controllers," & strDomainName)
12. Set comDLL = CreateObject("IADsTools.DCFunctions")
13. For Each objDomainController In objOU
14. For Each objDomainController2 In objOU
15. If objDomainController.cn <> objDomainController2.cn Then
16. WScript.echo " Requesting Synch between " & objDomainController.cn & " and
" & objDomainController2.cn
17. intResult = comDLL.ReplicaSync(CStr(objDomainController.cn),
CStr(strDomainName), CStr(objDomainController2.cn))
18. If intResult=0 Then
19. wscript.echo " Completed successfully."
20. Else
21. wscript.echo " Failed " & comDLL.LastErrorText
22. End If
23. WScript.Echo
24. End If
25. Next
26. Next
<--------End unindented code------------->
Each line starts with a new line number, so if you find a line with no number
(maybe after lines 16 and 17) simply "unwrap" them.
You will need to register the IADStools.dll file, which is either in the
resource kit or the support.cab file...
HTH,
Glenn Sullivan, MCSE+I MCDBA
David Clark Company Inc.
-----Original Message-----
From: windows2000-bounce@xxxxxxxxxxxxx
[mailto:windows2000-bounce@xxxxxxxxxxxxx]On Behalf Of Puetz, Christoph
Posted At: Friday, May 21, 2004 2:11 PM
Posted To: Windows 2000
Conversation: [windows2000] Re: Resetting Password Expiration
Subject: [windows2000] Re: Resetting Password Expiration
Thanks. The script runs not giving errors. I do not see changes yet. Is
there an easy to create a log file, too?
-----Original Message-----
From: windows2000-bounce@xxxxxxxxxxxxx
[mailto:windows2000-bounce@xxxxxxxxxxxxx] On Behalf Of Sullivan, Glenn
Sent: Friday, May 21, 2004 12:04 PM
To: windows2000@xxxxxxxxxxxxx
Subject: [windows2000] Re: Resetting Password Expiration
Good eyes Jeff...
the If line should read:
If (lngFlag And ADS_UF_DONT_EXPIRE_PASSWD)<>0 Then
Sorry,
Glenn Sullivan, MCSE+I MCDBA
David Clark Company Inc.
-----Original Message-----
From: windows2000-bounce@xxxxxxxxxxxxx
[mailto:windows2000-bounce@xxxxxxxxxxxxx]On Behalf Of Jeff Malczewski Posted
At: Friday, May 21, 2004 1:46 PM Posted To: Windows 2000
Conversation: [windows2000] Re: Resetting Password Expiration
Subject: [windows2000] Re: Resetting Password Expiration
Same thing, just the LDAP version instead of the WINNT version.. I also
have the IADS version handy if anyone wants that, too...
It would seem to me in your IF statement, though, that you forgot the <>
evaluation...
-----Original Message-----
From: Sullivan, Glenn [mailto:GSullivan@xxxxxxxxxxxxxx]
Sent: Friday, May 21, 2004 1:39 PM
To: windows2000@xxxxxxxxxxxxx
Subject: [windows2000] Re: Resetting Password Expiration
Here you go:
<----Start Indented Script--------->
Const ADS_UF_DONT_EXPIRE_PASSWD = &H10000
On Error Resume Next
Set objOU = GetObject _
("LDAP://cn=Users,dc=DavidClark,dc=com";)
ObjOU.Filter= Array("user")
For Each objUser in objOU
lngFlag = objUser.Get("userAccountControl")
If (lngFlag And ADS_UF_DONT_EXPIRE_PASSWD) 0 Then
lngFlag = lngFlag Xor ADS_UF_DONT_EXPIRE_PASSWD
objUser.Put "userAccountControl", lngFlag
objUser.SetInfo
End If
Next
<-----End Indented Script--------->
If that gets all screwed up by line wraps, here is a version that is not
indented...
<----Start unindented Script--------->
Const ADS_UF_DONT_EXPIRE_PASSWD = &H10000
On Error Resume Next
Set objOU = GetObject _
("LDAP://cn=Users,dc=DavidClark,dc=com";)
ObjOU.Filter= Array("user")
For Each objUser in objOU
lngFlag = objUser.Get("userAccountControl") If (lngFlag And
ADS_UF_DONT_EXPIRE_PASSWD) 0 Then lngFlag = lngFlag Xor
ADS_UF_DONT_EXPIRE_PASSWD objUser.Put "userAccountControl", lngFlag
objUser.SetInfo End If Next <-----End unindented Script--------->
Please make sure that you test on a couple of spare accounts in a test OU.
If the users are in a OU instead of the default "users" container, change
the LDAP connection string as follows:
("LDAP://ou=<OU Name>,dc=<DomainName>,dc=com")
Using "ou=" for organizational units, and "cn=" for default containers.
HTH,
Glenn Sullivan, MCSE+I MCDBA
David Clark Company Inc.
-----Original Message-----
From: windows2000-bounce@xxxxxxxxxxxxx
[mailto:windows2000-bounce@xxxxxxxxxxxxx]On Behalf Of Puetz, Christoph
Posted At: Friday, May 21, 2004 1:23 PM Posted To: Windows 2000
Conversation: [windows2000] Resetting Password Expiration
Subject: [windows2000] Resetting Password Expiration
Is there an easy to remove the password expiration (to not expire) on 500
users with a script? We're finally allowed to have passwords expire and
force users to change it. I do not want to click 500 check boxes to uncheck
this setting in AD.
Christoph
______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email
______________________________________________________________________
********************************************************
This Weeks Sponsor StressedPuppy.com Games Feeling stressed out? Check out
our games to relieve your stress.
http://www.StressedPuppy.com
********************************************************
To Unsubscribe, set digest or vacation
mode or view archives use the below link.
http://thethin.net/win2000list.cfm
********************************************************
This Weeks Sponsor StressedPuppy.com Games Feeling stressed out? Check out
our games to relieve your stress.
http://www.StressedPuppy.com
********************************************************
To Unsubscribe, set digest or vacation
mode or view archives use the below link.
http://thethin.net/win2000list.cfm
This email and any files transmitted with it are confidential and intended
solely for the use of the individual or entity to whom they are addressed.
If you have received this email in error please notify the system manager.
This message contains confidential information and is intended only for the
individual named. If you are not the named addressee you should not
disseminate, distribute or copy this e-mail.
********************************************************
This Weeks Sponsor StressedPuppy.com Games Feeling stressed out? Check out
our games to relieve your stress.
http://www.StressedPuppy.com
********************************************************
To Unsubscribe, set digest or vacation
mode or view archives use the below link.
http://thethin.net/win2000list.cfm
********************************************************
This Weeks Sponsor StressedPuppy.com Games Feeling stressed out? Check out
our games to relieve your stress.
http://www.StressedPuppy.com
********************************************************
To Unsubscribe, set digest or vacation
mode or view archives use the below link.
http://thethin.net/win2000list.cfm
______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email
______________________________________________________________________
********************************************************
This Weeks Sponsor StressedPuppy.com Games
Feeling stressed out? Check out our games to
relieve your stress.
http://www.StressedPuppy.com
********************************************************
To Unsubscribe, set digest or vacation
mode or view archives use the below link.
http://thethin.net/win2000list.cfm
********************************************************
This Weeks Sponsor StressedPuppy.com Games
Feeling stressed out? Check out our games to
relieve your stress.
http://www.StressedPuppy.com
********************************************************
To Unsubscribe, set digest or vacation
mode or view archives use the below link.
http://thethin.net/win2000list.cfm
Other related posts:
