Dear Perlmonks geeks,
I'm creating a script which will do a password reset by connecting over LDAP to Windows 2012 R2. I have tried the script below and it works using a Windows 2008 R2 LDAP connection, but when I run it against Windows 2012 R2 it says successful but the password did not change. Is anyone using a Windows 2012 LDAP connection to reset passwords who can show how it's done? Thanks
#!/usr/bin/perl -w
#
# changing user passwords in AD
#
use strict;
use warnings;
use Net::LDAP;
# module needed to encode AD password
use Unicode::String qw(utf8);
#
# ARGV is username password
my $username = $ARGV[0];
my $passwd   = $ARGV[1];
my $result;
my $adsvr    = 'twnlab.local';
my $adbinddn = 'cn=useradmin,ou=SERVICEDESK,ou=User,dc=twnlab,dc=local';
my $adpw     = 'P@ssw0rd11';

# Report a failed LDAP operation (this helper was called but not defined in the posted script)
sub LDAPerror {
    my ($from, $mesg) = @_;
    print STDERR "Error $from: ", $mesg->error, " (code ", $mesg->code, ")\n";
}

# Connect to the AD server
#my $ad = Net::LDAP->new($adsvr, version=>3, scheme=>'ldaps', port=>636,) or die "can't connect to $adsvr: $@"; # For LDAP Windows 2008 R2
my $ad = Net::LDAP->new($adsvr, version=>3, scheme=>'ldap', port=>389,)
    or die "can't connect to $adsvr: $@"; # For LDAP Windows 2012 R2

# Bind as Administrator
$result = $ad->bind($adbinddn, password=>$adpw);
if ($result->code) {
    LDAPerror("binding", $result);
    exit 1;
}

# check for username, get DN
$result = $ad->search(
    base   => "ou=User,ou=User,dc=twnlab,dc=local",
    filter => "(samAccountName=$username)",
    attrs  => ['distinguishedName']
);
$result->code && die $result->error;
if ($result->entries != 1) { die "ERROR: User not found in AD: $username" }
my $entry = $result->entry(0); # there can be only one
my $dn = $entry->get_value('distinguishedName');
my $unicodePwd = utf8(chr(34).${passwd}.chr(34))->utf16le();

# change password entries etc.
#$result = $ad->modify($dn, replace => {unicodePwd=> $unicodePwd,}); # password change for 2008 AD
$result = $ad->modify($dn, replace => {userPassword=> $unicodePwd,}); # password change for 2012 AD
$result->code && die $result->error;
print "AD : SUCCESS: ${username} password changed.\n";
$ad->unbind();
------------------------------------------------
Sharing the capture logs
When I execute the script it says SUCCESS in the local host windows.
C:\script\perl> changepassword.pl user1 P@ssw0rd1234
AD : SUCCESS: user1 password changed.n
C:\script\perl>
And when checking the security event logs on the Active Directory Windows 2012 R2 operating system, nothing is showing for event IDs 4723, 4724, 627, 628:
4723 - An attempt was made to change an account's password
4724 - An attempt was made to reset an account's password
627 - Change Password Attempt
628 - User Account password set
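
For reference, an added example (not the poster's code and not part of the original thread): a reset that writes unicodePwd over certificate-verified LDAPS and then compares pwdLastSet before and after, so a modify that returns success without changing the password is caught. The AD_* environment variable names and reading the new password from STDIN are assumptions of this example.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Util qw(escape_filter_value);
use Encode qw(encode);

# Assumed (hypothetical) environment variables: AD_HOST, AD_BIND_DN, AD_BIND_PW,
# AD_CA_FILE, AD_BASE_DN. The new password is read from STDIN so it does not
# appear in the process list or shell history.
my $username = shift or die "usage: $0 username < newpassword\n";
binmode(STDIN, ':encoding(UTF-8)');
chomp(my $newpw = <STDIN> // '');
die "empty password\n" unless length $newpw;

# AD accepts unicodePwd writes only on an encrypted connection, so use LDAPS
# and verify the domain controller's certificate against a known CA.
my $ad = Net::LDAP->new("ldaps://$ENV{AD_HOST}", version => 3,
    verify => 'require', cafile => $ENV{AD_CA_FILE})
    or die "can't connect: $@\n";
my $mesg = $ad->bind($ENV{AD_BIND_DN}, password => $ENV{AD_BIND_PW});
die "bind failed: " . $mesg->error . "\n" if $mesg->code;

# Look the account up with the user-supplied name escaped for the filter.
sub find_user {
    my $res = $ad->search(base => $ENV{AD_BASE_DN},
        filter => '(sAMAccountName=' . escape_filter_value($username) . ')',
        attrs  => ['pwdLastSet']);
    die "search failed: " . $res->error . "\n" if $res->code;
    die "expected exactly one match for $username\n" unless $res->count == 1;
    return $res->entry(0);
}

my $before = find_user();

# unicodePwd is the new password wrapped in double quotes, encoded as UTF-16LE.
my $value = encode('UTF-16LE', qq("$newpw"));
$mesg = $ad->modify($before->dn, replace => { unicodePwd => $value });
die "reset failed: " . $mesg->error . "\n" if $mesg->code;

# An LDAP success code alone is not proof: pwdLastSet must have changed.
my $after = find_user();
die "modify returned success but pwdLastSet did not change\n"
    if ($before->get_value('pwdLastSet') // '') eq ($after->get_value('pwdLastSet') // '');
print "password reset for $username confirmed (pwdLastSet changed)\n";
$ad->unbind;
```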