Setting a User’s Password in Domain

Posted: January 14, 2010 in Active Directory, Networking, Server, System Information

Problem

You want to set the password for a user.

Solution

Using a graphical user interface

  1. Open the ADUC snap-in.
  2. In the left pane, right-click on the domain and select Find.
  3. Select the appropriate domain beside In.
  4. Type the name of the user beside Name and click Find Now.
  5. In the Search Results window, right-click on the user and select Reset Password.
  6. Enter and confirm the new password.
  7. Click OK.

Using a command-line interface

This command changes the password for the user specified by <UserDN>. Using * after the -pwd option prompts you for the new password. You can replace * with the password you want to set, but this is not good security practice, since other users who are logged into the machine may be able to see it.

> dsmod user <UserDN> -pwd *

You can also use admod with the #setpwd# switch, as follows:

> admod -b "<UserDN>" #setpwd#::<NewPassword>

You can also modify the unicodepwd attribute directly by encrypting the admod connection using the kerbenc switch, as follows:

> admod -b "<UserDN>" unicodepwd::<Password> -kerbenc

Using VBScript

' This code sets the password for a user.
' ------ SCRIPT CONFIGURATION ------
strUserDN = "<UserDN>" ' e.g. cn=jsmith,cn=Users,dc=rallencorp,dc=com
strNewPasswd = "<NewPassword>"
' ------ END CONFIGURATION --------

' Bind to the user object over LDAP.
set objUser = GetObject("LDAP://" & strUserDN)

' Administrative reset: the existing password is not required.
objUser.SetPassword(strNewPasswd)

Wscript.Echo "Password set for " & objUser.Get("cn")

Discussion

A one-way hash of a user’s password is stored in the unicodePwd attribute. There are several supported methods to modify this attribute directly, or you can use one of the supported APIs to do so.

With the VBScript solution, you can use the IADsUser::SetPassword method or IADsUser::ChangePassword. The latter requires the existing password to be known before setting it. This is the method you’d want to use if you’ve created a web page that accepts the previous password before allowing a user to change it.
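The direct unicodePwd modification mentioned above, as an added example that is not part of the original post: it builds the LDIF for an administrative reset (one replace, comparable to SetPassword) and for a user change (delete of the old value plus add of the new one, comparable to ChangePassword). The function names are hypothetical; the value format (password wrapped in double quotes, encoded as UTF-16LE) follows Microsoft's documentation of unicodePwd, and the server only accepts such a modify over an encrypted connection, which is why the admod command uses -kerbenc.

```python
import base64
import getpass


def encode_unicode_pwd(password: str) -> bytes:
    """Return the wire value AD expects: the quoted password in UTF-16LE."""
    return ('"' + password + '"').encode("utf-16-le")


def ldif_value(password: str) -> str:
    """Base64 form used after 'unicodePwd::' in an LDIF file."""
    return base64.b64encode(encode_unicode_pwd(password)).decode("ascii")


def reset_ldif(user_dn: str, new_password: str) -> str:
    """Administrative reset: a single replace, old password not needed."""
    return "\n".join([
        f"dn: {user_dn}",          # assumes an ASCII-only DN
        "changetype: modify",
        "replace: unicodePwd",
        f"unicodePwd:: {ldif_value(new_password)}",
        "-",
        "",
    ])


def change_ldif(user_dn: str, old_password: str, new_password: str) -> str:
    """User change: delete the old value and add the new one in one modify."""
    return "\n".join([
        f"dn: {user_dn}",
        "changetype: modify",
        "delete: unicodePwd",
        f"unicodePwd:: {ldif_value(old_password)}",
        "-",
        "add: unicodePwd",
        f"unicodePwd:: {ldif_value(new_password)}",
        "-",
        "",
    ])


if __name__ == "__main__":
    dn = "cn=jsmith,cn=Users,dc=rallencorp,dc=com"  # sample DN from the script above
    # Prompt instead of taking the password as an argument, for the same
    # reason the dsmod example uses * after -pwd.
    new_pwd = getpass.getpass("New password: ")
    # Base64 is an encoding, not encryption: treat this output as a secret.
    print(reset_ldif(dn, new_pwd))
```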
