Re: LDAP changePassword always returns error

From: Tom (Tom_at_discussions.microsoft.com)
Date: 06/13/05

    Date: Mon, 13 Jun 2005 07:55:04 -0700
    
    

    This is really weird - I run the script as an administrator, and return an
    empty error description with the error number -2147024810.

    When I look that up in the Microsoft Knowledge Base, it looks like it's a
    SiteServer error, which isn't even installed on that server.

    "Joe Richards [MVP]" wrote:

    > I filtered this down to this basic example
    >
    > p_DistinguishedName=wscript.arguments.item(0)
    > p_OldPassword=wscript.arguments.item(1)
    > p_NewPassword=wscript.arguments.item(2)
    >
    >
    > if p_DistinguishedName= "" then
    > wScript.Quit
    > end if
    >
    > set objUser = getObject("LDAP://" & p_distinguishedName)
    > if isObject(objUser) then
    > objUser.ChangePassword p_OldPassword, p_NewPassword
    > wscript.echo "Password change successful"
    > else
    > wscript.echo "Didn't get a handle to the user object"
    > end if
    >
    >
    > This runs successfully for me
    >
    > [Fri 06/10/2005 20:45:31.12]
    > G:\TEMP>pwd.vbs cn=someuser,cn=users,dc=joe,dc=com password somenewpassword
    > Microsoft (R) Windows Script Host Version 5.6
    > Copyright (C) Microsoft Corporation 1996-2001. All rights reserved.
    >
    > Password change successful
    >
    > [Fri 06/10/2005 20:45:51.69]
    > G:\TEMP>pwd.vbs cn=someuser,cn=users,dc=joe,dc=com password somenewpassword2
    > Microsoft (R) Windows Script Host Version 5.6
    > Copyright (C) Microsoft Corporation 1996-2001. All rights reserved.
    >
    > G:\TEMP\pwd.vbs(12, 3) (null): The specified network password is not correct.
    >
    >
    > [Fri 06/10/2005 20:45:56.69]
    > G:\TEMP>pwd.vbs cn=someuser,cn=users,dc=joe,dc=com somenewpassword somenewpassword2
    > Microsoft (R) Windows Script Host Version 5.6
    > Copyright (C) Microsoft Corporation 1996-2001. All rights reserved.
    >
    > Password change successful
    >
    > [Fri 06/10/2005 20:46:09.47]
    > G:\TEMP>
    >
    >
    >
    >
    > What again are the exact errors you are seeing when running through vbscript,
    > not through a web page. Web pages add all sorts of screwed up issues that aren't
    > script related, but instead IIS and the IIS Script engine related.
    >
    > joe
    >
    >
    >
    >
    > --
    > Joe Richards Microsoft MVP Windows Server Directory Services
    > www.joeware.net
    >
    >
    > Tom wrote:
    > > Joe,
    > >
    > > The code follows. I've disabled error handling to show the error.
    > >
    > > I based it off this script at Technet:
    > > http://www.microsoft.com/technet/scriptcenter/scripts/ad/users/pwds/uspwvb02.mspx
    > >
    > > I get the same error when I run the script as the user through a web page,
    > > the user logged into the machine, or a domain administrator logged into the
    > > machine. However, forcing the password to be overwritten works fine when
    > > logged in as a domain admin.
    > >
    > > function changePassword(p_DistinguishedName, p_NewPassword, p_OldPassword)
    > >
    > >     'on error resume next
    > >     if p_DistinguishedName = "" then
    > >         wScript.Quit
    > >     end if
    > >     set objUser = getObject("LDAP://" & p_distinguishedName)
    > >     if isObject(objUser) then
    > >         'When run in the context of a domain administrator, this forces
    > >         'the new password to overwrite the old. It works fine.
    > >         'objUser.setPassword p_NewPassword
    > >
    > >         'This is the line of code in question. It's based off a script in Technet's
    > >         'script center.
    > >         objUser.ChangePassword p_OldPassword, p_NewPassword
    > >     else
    > >         strMsg = Server.URLEncode("Sorry, there was a problem processing your password change. <a href='changepassword.asp'>Please try again</a>.<p>If this problem persists, please contact your administrator.")
    > >         response.redirect("confirm.asp?m=" & strMsg & "&e=1")
    > >     end if
    > >     strMsg = Server.urlEncode("Password for user <b>" & request.Form("username") & "</b> has been changed!")
    > >     response.redirect("confirm.asp?m=" & strMsg)
    > >
    > > end function
    > >
    > > "Joe Richards [MVP]" wrote:
    > >
    > >
    > >>Post the script
    > >>
    > >>--
    > >>Joe Richards Microsoft MVP Windows Server Directory Services
    > >>www.joeware.net
    > >>
    > >>
    > >>Tom wrote:
    > >>
    > >>>I'm working on a script to change a user's password in an AD domain.
    > >>>
    > >>>Our problem is a script that uses the changePassword method to change a
    > >>>user's password. No matter how strong the new password is, we always return
    > >>>an error that says the new password is either not unique or doesn't meet the
    > >>>policy for strong passwords. This script doesn't work when run as either the
    > >>>user making the change or the domain administrator.
    > >>>
    > >>>I think this error is bogus; we have another script that overwrites the
    > >>>user's password with a strong random one (which runs in the context of the
    > >>>domain admin), and that works fine.
    > >>
    >
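
The error number reported at the top of this message is a signed 32-bit HRESULT, so it can be split into its facility and code fields instead of being searched for as a raw number. The following is an added example, not code from the thread or from Microsoft, written in Python rather than the thread's VBScript; the function names are hypothetical and the name table is limited to three Win32 codes from winerror.h and lmerr.h that matter for password changes.

```python
"""Decode the signed number a script host reports for a failed COM call."""

# Facility values from winerror.h (only the ones needed here).
FACILITIES = {0: "FACILITY_NULL", 4: "FACILITY_ITF", 7: "FACILITY_WIN32"}

# Win32 codes relevant to a password change (winerror.h / lmerr.h).
WIN32_CODES = {
    5: "ERROR_ACCESS_DENIED",
    86: "ERROR_INVALID_PASSWORD",   # "The specified network password is not correct."
    2245: "NERR_PasswordTooShort",  # new password fails length/complexity/history policy
}


def decode_hresult(err_number):
    """Split an HRESULT (signed or unsigned) into severity, facility and code."""
    if not -2**31 <= err_number < 2**32:
        raise ValueError("not a 32-bit value")
    value = err_number & 0xFFFFFFFF          # two's complement -> unsigned
    facility = (value >> 16) & 0x7FF         # bits 16-26
    code = value & 0xFFFF                    # bits 0-15
    result = {
        "hex": f"0x{value:08X}",
        "failure": bool(value >> 31),        # bit 31 is the severity bit
        "facility": facility,
        "facility_name": FACILITIES.get(facility, "unknown"),
        "code": code,
        "win32_name": None,
    }
    # Only FACILITY_WIN32 wraps a plain Win32 error code in the low word.
    if facility == 7:
        result["win32_name"] = WIN32_CODES.get(code, "not in table")
    return result


def win32_to_err_number(code):
    """Return the signed value a script would see for a wrapped Win32 code."""
    value = 0x80070000 | (code & 0xFFFF)
    return value - 2**32


if __name__ == "__main__":
    # The number reported in this message.
    print(decode_hresult(-2147024810))
    # Signed values to compare against in an error handler.
    for c in sorted(WIN32_CODES):
        print(WIN32_CODES[c], win32_to_err_number(c))
```

For -2147024810 this yields facility 7 (Win32) and code 86, the same condition as the "specified network password is not correct" message in the quoted console output.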

