Dear Perlmonks geeks,

I'm creating a script which will do a password reset, connecting over LDAP to Windows 2012 R2. I have tried the script below and it works using a Windows 2008 R2 LDAP connection, but when I run it against Windows 2012 R2 it says successful but the password did not change. Is anyone using a Windows 2012 LDAP connection to reset passwords who can show how it's done? Thanks

    #!/usr/bin/perl -w
    #
    # changing user passwords in AD
    #
    use strict;
    use warnings;
    use Net::LDAP;
    # module needed to encode AD password
    use Unicode::String qw(utf8);

    #
    # ARGV is username password
    my $username = $ARGV[0];
    my $passwd = $ARGV[1];
    my $result;
    my $adsvr='twnlab.local';
    my $adbinddn='cn=useradmin,ou=SERVICEDESK,ou=User,dc=twnlab,dc=local';
    my $adpw='P@ssw0rd11';

    # Connect to the AD server
    #my $ad=Net::LDAP->new($adsvr, version=>3, scheme=>'ldaps', port=>636,) or die "can't connect to $adsvr: $@"; # For LDAP Windows 2008 R2
    my $ad=Net::LDAP->new($adsvr, version=>3, scheme=>'ldap', port=>389,) or die "can't connect to $adsvr: $@"; # For LDAP Windows 2012 R2

    # Bind as Administrator
    $result=$ad->bind($adbinddn, password=>$adpw);
    if ($result->code) {
        LDAPerror ("binding",$result);
        exit 1;
    };

    # check for username, get DN
    $result = $ad->search(
        base   => "ou=User,ou=User,dc=twnlab,dc=local",
        filter => "(samAccountName=$username)",
        attrs  => ['distinguishedName']
    );
    $result->code && die $result->error;
    if ($result->entries != 1 ) { die "ERROR: User not found in AD: $username" };
    my $entry = $result->entry(0); # there can be only one
    my $dn = $entry->get_value('distinguishedName');

    # quoted password, encoded as UTF-16LE
    my $unicodePwd = utf8(chr(34).${passwd}.chr(34))->utf16le();

    # change password entries etc.
    #$result = $ad->modify($dn, replace => {unicodePwd=> $unicodePwd,}); # password change for 2008 AD
    $result = $ad->modify($dn, replace => {userPassword=> $unicodePwd,}); #password change for 2012 AD
    $result->code && die $result->error;
    print "AD : SUCCESS: ${username} password changed.n";
    $ad->unbind();

    # report a failed LDAP operation (this sub was called but not defined in the posted script)
    sub LDAPerror {
        my ($from, $mesg) = @_;
        print STDERR "ERROR $from: ", $mesg->error, "\n";
    }

------------------------------------------------

Sharing the capture logs

When I execute the script it says SUCCESS in the local host windows.

    C:\script\perl> changepassword.pl user1 P@ssw0rd1234
    AD : SUCCESS: user1 password changed.n
    C:\script\perl>

And when checking the security event logs on the Active Directory Windows 2012 R2 operating system, nothing is showing for event IDs 4723, 4724, 627, 628:

    4723 - An attempt was made to change an account's password
    4724 - An attempt was made to reset an account's password
    627 - Change Password Attempt
    628 - User Account password set

In reply to Resolved: It does not change password in LDAP Windows 2012 R2 by francism8
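
One way to reset an AD password with Net::LDAP so that a "successful" modify cannot pass silently: write unicodePwd over LDAPS and confirm that pwdLastSet moved. This is an added example, not the poster's script or a reply from the thread; the AD_* environment variables are hypothetical names for the host, bind DN, bind password, search base and CA file.

```perl
#!/usr/bin/perl
# Added example, not the poster's script. Host, DNs and CA path come from hypothetical
# environment variables: AD_HOST, AD_BIND_DN, AD_BIND_PW, AD_BASE, AD_CAFILE.
use strict;
use warnings;
use Encode qw(encode);
use Net::LDAP;
use Net::LDAP::Util qw(escape_filter_value);

# AD expects unicodePwd as the new password wrapped in double quotes, UTF-16LE encoded.
sub ad_unicode_pwd {
    my ($password) = @_;
    return encode('UTF-16LE', qq{"$password"});
}

# Replace unicodePwd on the one account matching $username, then confirm via pwdLastSet.
sub reset_password {
    my ($ad, $base, $username, $password) = @_;
    my $filter = '(sAMAccountName=' . escape_filter_value($username) . ')';
    my $found  = $ad->search(base => $base, filter => $filter, attrs => ['pwdLastSet']);
    die 'search failed: ' . $found->error . "\n" if $found->code;
    die "expected exactly one match for $username\n" unless $found->count == 1;
    my $dn     = $found->entry(0)->dn;
    my $before = $found->entry(0)->get_value('pwdLastSet') // 0;

    my $mod = $ad->modify($dn, replace => { unicodePwd => ad_unicode_pwd($password) });
    die 'modify failed: ' . $mod->error . "\n" if $mod->code;

    # Do not trust the result code alone: re-read pwdLastSet and require that it moved.
    my $check = $ad->search(base => $dn, scope => 'base',
                            filter => '(objectClass=*)', attrs => ['pwdLastSet']);
    die 'verify failed: ' . $check->error . "\n" if $check->code;
    my $after = $check->entry(0)->get_value('pwdLastSet') // 0;
    die "modify succeeded but pwdLastSet did not change\n" if $after eq $before;
    return $dn;
}

# Run only when invoked as a script with a username argument.
if (!caller() && @ARGV) {
    # LDAPS on 636 with certificate verification; AD only accepts unicodePwd
    # writes on an encrypted connection.
    my $ad = Net::LDAP->new($ENV{AD_HOST}, version => 3, scheme => 'ldaps', port => 636,
                            verify => 'require', cafile => $ENV{AD_CAFILE})
        or die "can't connect to $ENV{AD_HOST}: $@\n";
    my $bind = $ad->bind($ENV{AD_BIND_DN}, password => $ENV{AD_BIND_PW});
    die 'bind failed: ' . $bind->error . "\n" if $bind->code;
    chomp(my $new_pw = <STDIN> // '');    # new password from stdin, not argv
    print 'password reset for ', reset_password($ad, $ENV{AD_BASE}, $ARGV[0], $new_pw), "\n";
    $ad->unbind;
}
```

Active Directory treats userPassword as an ordinary attribute unless the fUserPwdSupport dSHeuristics setting is enabled, which is why a write to it can report success and generate no 4724 event.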
