Uncheck the Password Never Expires Checkbox for an AD OU
Written by Cheyenne Harden
The lazy admin knew I had a script that would do something to a users acount. Somthing with the passsword. Well, I did. But not what he was asking for. So, I took the previous password script and changed it. Thanks to Guy Tomas for starting the ball rolling. I changed the script to uncheck the "password never expires" checkbox.
----------COPY EVERYTHING BELOW THIS LINE for the Script---------- ' Taken From PwdLastSet .vbs ' VBScript to uncheck password never expires ' Authors Guy Thomas http://computerperformance.co.uk/ and Cheyenne Harden www.lazynetworkadmin.com ' Original Version 1.1 - May 2005 Changed by Chey Harden for the Lazy Admin on 3.5.08 ' --------------------------------------------------------------'
On Error Resume Next
Dim objOU, objUser, objRootDSE Dim strContainer, strDNSDomain, strOU Dim intCounter, intPwdValue, intAccValue
'Choose the AD OU strOU = inputbox("Enter the number of the OU you would like to uncheck the Password Never Expires checkbox."_ & vbCr & "OU:" & vbCr & " 1 = test OU" & vbCr &" 2 = Support Companies OU" _ & vbCr & " 3 = Territory Managers OU")
If strOU = "" Then Wscript.Echo "You did not enter a number!" Wscript.Quit
Else ' Bind to Active Directory Domain Set objRootDSE = GetObject("LDAP://RootDSE") strDNSDomain = objRootDSE.Get("DefaultNamingContext")
' -------------------------------------------------------------' ' Important change OU= to reflect your domain ' -------------------------------------------------------------'
Select Case strOU Case 1 strContainer = "OU=test," Case 2 strContainer = "OU=Support Companies,ou=abccompany, " Case 3 strContainer = "OU=Users,OU=Territory Managers,ou=abccompany, "
End Select
strContainer = strContainer & strDNSDomain 'Wscript.Echo strContainer 'This line is for testing intCounter = 0 ' Here we force a change of password at next logon intPwdValue = 1 'Enable to have user reset their password intAccValue = 512 'PASSWORD_EXPIRED FLAG
' Loop through OU=, resetting all user accounts set objOU =GetObject("LDAP://" & strContainer ) For each objUser in objOU If objUser.class="user" then 'objUser.Put "PwdLastSet", intPwdValue objUser.Put "userAccountControl", intAccValue objUser.SetInfo End If intCounter = intCounter +1 Next
' Optional section to record how many accounts have been set WScript.Echo "Accounts changed = " & intCounter End If WScript.Quit
----------COPY EVERYTHING ABOVE THIS LINE for the Script----------
PLEASE MAKE SURE NO WORD WRAPPING IS HAPPENING IN YOUR SCRIPT!!!
1. Make sure to be an admin for the Domain. 2. Change the case statement below to match your domain. Case 1 strContainer = "OU=test," Case 2 strContainer = "OU=Support Companies,ou=abccompany, " Case 3 strContainer = "OU=Users,OU=Territory Managers,ou=abccompany, "
3. Uncomment the line below for error checking 'Wscript.Echo strContainer 'This line is for testing
4. Optionally, you can uncomment the line below to make the user reset their password at the next login. 'objUser.Put "PwdLastSet", intPwdValue
This information is provided "AS IS" with no warranties expressed or implied.
Knowledgebase 
