Re: LDAP changePassword always returns error

From: Joe Richards [MVP] (humorexpress_at_hotmail.com)
Date: 06/11/05 

Date: Fri, 10 Jun 2005 20:47:43 -0400

I filtered this down to this basic example

p_DistinguishedName=wscript.arguments.item(0)
p_OldPassword=wscript.arguments.item(1)
p_NewPassword=wscript.arguments.item(2)

if p_DistinguishedName= "" then
        wScript.Quit
end if

set objUser = getObject("LDAP://" & p_distinguishedName)
if isObject(objUser) then
   objUser.ChangePassword p_OldPassword, p_NewPassword
   wscript.echo "Password change successful"
else
   wscript.echo "Didn't get a handle to the user object"
end if

This runs successfully for me

[Fri 06/10/2005 20:45:31.12]
G:\TEMP>pwd.vbs cn=someuser,cn=users,dc=joe,dc=com password somenewpassword
Microsoft (R) Windows Script Host Version 5.6
Copyright (C) Microsoft Corporation 1996-2001. All rights reserved.

Password change successful

[Fri 06/10/2005 20:45:51.69]
G:\TEMP>pwd.vbs cn=someuser,cn=users,dc=joe,dc=com password somenewpassword2
Microsoft (R) Windows Script Host Version 5.6
Copyright (C) Microsoft Corporation 1996-2001. All rights reserved.

G:\TEMP\pwd.vbs(12, 3) (null): The specified network password is not correct.

[Fri 06/10/2005 20:45:56.69]
G:\TEMP>pwd.vbs cn=someuser,cn=users,dc=joe,dc=com somenewpassword somenewpassword2
Microsoft (R) Windows Script Host Version 5.6
Copyright (C) Microsoft Corporation 1996-2001. All rights reserved.

Password change successful

[Fri 06/10/2005 20:46:09.47]
G:\TEMP>

What again are the exact errors you are seeing when running through vbscript,
not through a web page. Web pages add all sorts of screwed up issues that aren't
script related, but instead IIS and the IIS Script engine related.

    joe 

--
Joe Richards Microsoft MVP Windows Server Directory Services
www.joeware.net
Tom wrote:
> Joe,
> 
> The code follows.  I've disabled error handling to show the error.
> 
> I based it off this script at Technet:
> http://www.microsoft.com/technet/scriptcenter/scripts/ad/users/pwds/uspwvb02.mspx
> 
> I get the same error when I run the script as the user through a web page, 
> the user logged into the machine, or a domain administrator logged into the 
> machine.  However, forcing the password to be overwritten works fine when 
> logged in as a domain admin.
> 
> function changePassword(p_DistinguishedName, p_NewPassword, p_OldPassword)
> 
> 'on error resume next
> if p_DistinguishedName= "" then
> 	wScript.Quit
> end if
>   set objUser = getObject("LDAP://" & p_distinguishedName)
> 		if isObject(objUser) then
>                   'When run in the contect of a domain administrator, this 
> forces
>                   'the new password to overwrite the old.  It works fine.
> 	  'objUser.setPassword p_NewPassword 
> 
>                   'This is the line of code in question.  It's based off a 
> script in Technet's
>                   'script center.
> 	  objUser.ChangePassword p_OldPassword, p_NewPassword
>   else
>     strMsg = Server.URLEncode("Sorry, there was a problem processing your 
> password change.  <a href='changepassword.asp'>Please try again</a>.<p>If 
> this problem persists, please contact your administrator.")
>     response.redirect("confirm.asp?m=" & strMsg & "&e=1")  
>   end if
>   strMsg = Server.urlEncode("Password for user <b>" & 
> request.Form("username") & "</b> has been changed!")
>   response.redirect("confirm.asp?m=" & strMsg)
> 
> end function
> 
> "Joe Richards [MVP]" wrote:
> 
> 
>>Post the script
>>
>>--
>>Joe Richards Microsoft MVP Windows Server Directory Services
>>www.joeware.net
>>
>>
>>Tom wrote:
>>
>>>I'm working on a script to change a user's password in an AD domain.
>>>
>>>Our problem is a script that uses the changePassword method to change a 
>>>user's password.  No matter how strong the new password is, we always return 
>>>an error that says the new password is either not unique or doesn't meet the 
>>>policy for strong passwords.  This script doesn't work when run as either the 
>>>user making the change or the domain administrator.
>>>
>>>I think this error is bogus; we have another script that  overwrites the 
>>>user's password with a strong random one (which runs in the context of the 
>>>domain admin), and that works fine.
>>

Relevant Pages

  • Re: LDAP changePassword always returns error
    ... Joe Richards Microsoft MVP Windows Server Directory Services ... Tom wrote:> This is really weird - I run the script as an administrator, and return an> empty error description with the error number -2147024810. ... p_NewPassword>> wscript.echo "Password change successful">>else>> wscript.echo "Didn't get a handle to the user object">>end if>> ... >>>>-->>Joe Richards Microsoft MVP Windows Server Directory Services>>www.joeware.net>> ...
    (microsoft.public.security)
  • Re: General Printing Issues (Default Printer)(Excel)(Outlook)
    ... printer script and see if the settings will stick. ... rights on the machine. ... Microsoft Windows Script Host Version 5.7 ... Copyright Microsoft Corporation. ...
    (microsoft.public.windows.vista.print_fax_scan)
  • Re: Win32_LogicalShareSecuritySetting not returning results
    ... Microsoft Windows Script Host Version 5.6 ... Copyright Microsoft Corporation 1996-2001. ... Additionally the win2k box has SP4 and windowsupdate is current ...
    (microsoft.public.win32.programmer.wmi)
  • adding disclaimer with visual basic SMTP transport event sink
    ... Microsoft Windows Script Host Version 5.6 ... Copyright Microsoft Corporation 1996-2001. ... Binding Display Name Specified: SMTPScriptingHost ...
    (microsoft.public.exchange.admin)
  • Re: File Browser
    ... > Because in the JScript 5.6 Documentation only FileSystemObject ... > Dictionary Object and Windows Script Host is described. ... All Microsoft COM components are documented in the MSDN library... ...
    (microsoft.public.scripting.jscript)
Loading