rhymejerky has asked for the wisdom of the Perl Monks concerning the following question:

Hi, is it possible to change an AD password via Perl through a web page form? I have done some research and it seems like I have to do it with ActivePerl. I just want to confirm that it is the only way to do it (via Perl and not C# or ASP). Thx

Replies are listed 'Best First'.
Re: Change AD password
by Marza (Vicar) on May 31, 2006 at 00:18 UTC

    Do you mean a user changing his password?

    You might look here as it has good info about AD. Do look at the cookbook reference. It's a good book to have and the author did some Perl for it on his site.

Re: Change AD password
by gellyfish (Monsignor) on May 31, 2006 at 08:15 UTC
Re: Change AD password
by Paladin (Vicar) on May 31, 2006 at 15:06 UTC

    You can also do this from a non-Windows machine (without Win32). AD can be accessed through LDAP. I use the following at work. You'll have to change some of the specifics for your particular situation. (i.e. The DN, and the username and password to bind with)

    Note: This was cut from a larger script, so there may be a bit here or there missing.

    use strict;
    use warnings;
    use Net::LDAP;
    use Net::LDAP::Util qw(escape_filter_value);
    use Unicode::Map8;
    use Unicode::String qw(utf16);

    # Not in the original excerpt (it was cut from a larger script):
    # placeholder values for the account used to bind.
    my $uid      = 'Bind Account CN';
    my $password = 'bind-password';

    my $defaultpass = 'default';
    my $newpass     = $defaultpass;    # assumption: reset to the default password
    my $cn          = 'Person to Change';
    my $baseDN      = "OU=GENERAL USERS,OU=USERS,DC=FOO";

    # AD only accepts unicodePwd writes over an encrypted connection, hence ldaps://
    my $ldap = Net::LDAP->new( 'ldaps://ad.foo' ) or die "Cannot connect: $@";
    my $bind = $ldap->bind( "cn=$uid,$baseDN", password => $password );
    die "Bind failed: " . $bind->error_text() if $bind->is_error();

    my $searchDN = "OU=GENERAL USERS,OU=USERS,DC=FOO";
    # Escape the name so filter metacharacters in it cannot alter the search
    my $safe_cn = escape_filter_value($cn);
    my $mesg = $ldap->search(    # perform a search
        base   => $searchDN,
        filter => "(&(objectCategory=person)(cn=$safe_cn))",
    );

    if ($mesg->count != 1) {
        print "ERROR: Too many or too few users found";
        $ldap->unbind;
        exit;
    }

    foreach my $entry ($mesg->entries) {
        # build the conversion map from your local character set to Unicode
        my $charmap = Unicode::Map8->new('latin1') or die;

        # surround the PW with double quotes and convert it to UTF-16
        # byteswap() was necessary in experiments on i386 Linux, YMMV
        my $newUniPW = $charmap->tou(qq/"$newpass"/)->byteswap()->utf16();

        $entry->replace(unicodePwd => $newUniPW);

        # Require pass change on next login
        $entry->replace(pwdLastSet => 0);

        # Update LDAP Entry
        my $msg = $entry->update($ldap);
        $msg->sync;
        if ($msg->is_error()) {
            print $msg->error_text();
            $ldap->unbind;
            exit;
        }
        else {
            print "Password reset to $newpass";
        }
    }

      I have used Net::LDAP to change password in Oracle Internet Directory and Sun1 Directory, but not AD. I am unsure about changing AD password via this module because of how AD password is encrypted. Were you able to do this using this module?
        I took this from a script that, among other things, changes users' passwords in AD. It does work here.
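
An added example, not part of any reply in this thread: the `unicodePwd` value AD expects is the new password wrapped in double quotes and encoded as UTF-16LE, and a user changing their own password sends a delete of the old value plus an add of the new one, while an administrative reset sends a single replace. The sketch below builds both change lists with the core `Encode` module instead of `Unicode::Map8`; the function names and sample passwords are hypothetical.

```perl
use strict;
use warnings;
use Encode ();

# AD expects unicodePwd as the password wrapped in double quotes,
# encoded as UTF-16LE with no byte-order mark.
sub ad_unicode_pwd {
    my ($plain) = @_;
    die "password must not be empty\n" unless defined $plain && length $plain;
    my $quoted = qq{"$plain"};
    # FB_CROAK: die on unencodable input instead of silently substituting
    return Encode::encode('UTF-16LE', $quoted,
                          Encode::FB_CROAK | Encode::LEAVE_SRC);
}

# Administrative reset: one "replace". The bound account needs the
# reset-password right on the target user; the old password is not checked.
sub reset_changes {
    my ($new) = @_;
    return [ replace => [ unicodePwd => ad_unicode_pwd($new) ] ];
}

# Self-service change: "delete" the old value and "add" the new one in the
# same modify, so AD itself verifies the old password and applies policy.
sub change_changes {
    my ($old, $new) = @_;
    return [
        delete => [ unicodePwd => ad_unicode_pwd($old) ],
        add    => [ unicodePwd => ad_unicode_pwd($new) ],
    ];
}

# With a Net::LDAP handle connected over ldaps:// and bound as the user,
# the change would be sent as:
#   my $msg = $ldap->modify($dn, changes => change_changes($old, $new));
#   die $msg->error_text if $msg->is_error;

# Constructed sample values, for illustration only
my $bytes = ad_unicode_pwd("Caf\x{e9}-2006!");
printf "%d bytes: %s\n", length($bytes), unpack('H*', $bytes);

my $changes = change_changes('0ld-Sample!', "Caf\x{e9}-2006!");
print "operations: @{$changes}[0, 2]\n";
```

For a web form where users change their own passwords, the delete/add form lets the page bind as the user rather than holding a service account with reset rights.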