Setting pasword to never expire on multiple user accounts in win 2k 
Author Message
 Setting pasword to never expire on multiple user accounts in win 2k

I am running a school network of 50 computers running windows 98 attached to
a windows 2000 server.  I need to change all the children's user account so
that the password never expires.  I have my users grouped into OU's by year
group and into class groups in the OU.

I Have managed to find a script that does the job I'm after, but now am
stuck on where to go from now.

The script sets the password to never expire.

How would I modify this script to apply to all the users in a certain group?

The Script-

Const ADS_UF_DONT_EXPIRE_PASSWD = &h10000

Set objUser = GetObject _
    ("LDAP://cn=myerken,ou=management,dc=fabrikam,dc=com")
intUAC = objUser.Get("userAccountControl")

If ADS_UF_DONT_EXPIRE_PASSWD AND intUAC Then
    Wscript.echo "Already enabled"
Else
    objUser.Put "userAccountControl", intUAC XOR _
    ADS_UF_DONT_EXPIRE_PASSWD
    objUser.SetInfo
    WScript.echo "Password never expires is now enabled"
End If

What does the bit in red do?  Do I have to modify this to my servers
settings, if so what does CN, OU and DC mean?  I presume OU means
organisational Unit and DC means Domain Controller. I have my users grouped
into OU's by year group and into class groups in the OU.

I would be grateful for any help you can offer.

Marc McHale
Crofton Anne Dale Junior School
UK



Tue, 22 Feb 2005 02:05:21 GMT  
 Setting pasword to never expire on multiple user accounts in win 2k
I also support a small school network. First, cn is common
name, ou is Organizational Unit, and dc is Domain
Component. The domain controller name is seldom needed.

I coded my example to not echo messages, as that only
slows things down. I coded to set the flag for every user
object in a given OU.

Option Explicit
Dim objContainer, objUser, intUAC

Const ADS_UF_DONT_EXPIRE_PASSWD = &h10000

Set objContainer = GetObject
("LDAP://ou=Grade1,dc=MyDomain,dc=com")
objContainer.Filter = Array("user")
For Each objUser In objContainer
  intUAC = objUser.Get("UserAccountControl")
  If (ADS_UF_DONT_EXPIRE_PASSWD And intUAC) = 0 Then
    intUAC = intUAC Xor ADS_UF_DONT_EXPIRE_PASSWD
    objUser.Put "UserAccountControl", intUAC
    objUser.SetInfo
'    MsgBox objUser.Name & " will have flag set"
  End If
Next

Set objContainer = Nothing
Set objUser = Nothing

MsgBox "Done"

Experiment with the code first by commenting out the
objUser.SetInfo statement (put a ' in front of the line),
but have it echo which accounts will be set (I commented
out the line that tells you which users).

If you need to also test for group membership, you may
need more code.

Richard

Quote:
>-----Original Message-----
>I am running a school network of 50 computers running

windows 98 attached to
Quote:
>a windows 2000 server.  I need to change all the

children's user account so
Quote:
>that the password never expires.  I have my users grouped
into OU's by year
>group and into class groups in the OU.

>I Have managed to find a script that does the job I'm
after, but now am
>stuck on where to go from now.

>The script sets the password to never expire.

>How would I modify this script to apply to all the users
in a certain group?

>The Script-

>Const ADS_UF_DONT_EXPIRE_PASSWD = &h10000

>Set objUser = GetObject _
>    ("LDAP://cn=myerken,ou=management,dc=fabrikam,dc=com")
>intUAC = objUser.Get("userAccountControl")

>If ADS_UF_DONT_EXPIRE_PASSWD AND intUAC Then
>    Wscript.echo "Already enabled"
>Else
>    objUser.Put "userAccountControl", intUAC XOR _
>    ADS_UF_DONT_EXPIRE_PASSWD
>    objUser.SetInfo
>    WScript.echo "Password never expires is now enabled"
>End If

>What does the bit in red do?  Do I have to modify this to
my servers
>settings, if so what does CN, OU and DC mean?  I presume
OU means
>organisational Unit and DC means Domain Controller. I

have my users grouped

- Show quoted text -

Quote:
>into OU's by year group and into class groups in the OU.

>I would be grateful for any help you can offer.

>Marc McHale
>Crofton Anne Dale Junior School
>UK

>.



Tue, 22 Feb 2005 06:22:29 GMT  
 Setting pasword to never expire on multiple user accounts in win 2k
In this code example I set password never expires for all
user objects in the Grade1 OU that are also members of the
group Students. With the LDAP provider, the group name is
actually "cn=Students". I added funtions to test group
membership. To keep things simple, this will not work if
you have nested groups. If Jim is a member of the
group "Grade1", which in turn is a member of
group "Students", this function won't see that Jim is a
member of "Students". If you have nested groups, respond.

Option Explicit
Dim objContainer, objUser, intUAC, objGroupList

Const ADS_UF_DONT_EXPIRE_PASSWD = &h10000

Set objGroupList = CreateObject("Scripting.Dictionary")
Set objContainer = GetObject
("LDAP://ou=Students,ou=Parish,dc=Hilltop,dc=RLMueller,dc=n
et")
objContainer.Filter = Array("user")
For Each objUser In objContainer
  Call LoadGroups(objUser)
  If InGroup("cn=Students") Then
    intUAC = objUser.Get("UserAccountControl")
    If (ADS_UF_DONT_EXPIRE_PASSWD And intUAC) = 0 Then
      intUAC = intUAC Xor ADS_UF_DONT_EXPIRE_PASSWD
      objUser.Put "UserAccountControl", intUAC
'       MsgBox objUser.Name & " to be set"
      objUser.SetInfo
    End If
  End If
Next

Set objContainer = Nothing
Set objUser = Nothing
Set objGroupList = Nothing

MsgBox "Done"

Sub LoadGroups(objUsr)
  Dim objGroup
  objGroupList.CompareMode = vbTextCompare
  For Each objGroup In objUsr.Groups
    objGroupList(objGroup.Name) = True
  Next
End Sub

Function InGroup(strGroup)
  InGroup = objGroupList.Exists(strGroup)
End Function

Richard

Quote:
>-----Original Message-----
>I also support a small school network. First, cn is
common
>name, ou is Organizational Unit, and dc is Domain
>Component. The domain controller name is seldom needed.

>I coded my example to not echo messages, as that only
>slows things down. I coded to set the flag for every user
>object in a given OU.

>Option Explicit
>Dim objContainer, objUser, intUAC

>Const ADS_UF_DONT_EXPIRE_PASSWD = &h10000

>Set objContainer = GetObject
>("LDAP://ou=Grade1,dc=MyDomain,dc=com")
>objContainer.Filter = Array("user")
>For Each objUser In objContainer
>  intUAC = objUser.Get("UserAccountControl")
>  If (ADS_UF_DONT_EXPIRE_PASSWD And intUAC) = 0 Then
>    intUAC = intUAC Xor ADS_UF_DONT_EXPIRE_PASSWD
>    objUser.Put "UserAccountControl", intUAC
>    objUser.SetInfo
>'    MsgBox objUser.Name & " will have flag set"
>  End If
>Next

>Set objContainer = Nothing
>Set objUser = Nothing

>MsgBox "Done"

>Experiment with the code first by commenting out the
>objUser.SetInfo statement (put a ' in front of the line),
>but have it echo which accounts will be set (I commented
>out the line that tells you which users).

>If you need to also test for group membership, you may
>need more code.

>Richard
>>-----Original Message-----
>>I am running a school network of 50 computers running
>windows 98 attached to
>>a windows 2000 server.  I need to change all the
>children's user account so
>>that the password never expires.  I have my users
grouped
>into OU's by year
>>group and into class groups in the OU.

>>I Have managed to find a script that does the job I'm
>after, but now am
>>stuck on where to go from now.

>>The script sets the password to never expire.

>>How would I modify this script to apply to all the users
>in a certain group?

>>The Script-

>>Const ADS_UF_DONT_EXPIRE_PASSWD = &h10000

>>Set objUser = GetObject _

("LDAP://cn=myerken,ou=management,dc=fabrikam,dc=com")

- Show quoted text -

Quote:
>>intUAC = objUser.Get("userAccountControl")

>>If ADS_UF_DONT_EXPIRE_PASSWD AND intUAC Then
>>    Wscript.echo "Already enabled"
>>Else
>>    objUser.Put "userAccountControl", intUAC XOR _
>>    ADS_UF_DONT_EXPIRE_PASSWD
>>    objUser.SetInfo
>>    WScript.echo "Password never expires is now enabled"
>>End If

>>What does the bit in red do?  Do I have to modify this
to
>my servers
>>settings, if so what does CN, OU and DC mean?  I presume
>OU means
>>organisational Unit and DC means Domain Controller. I
>have my users grouped
>>into OU's by year group and into class groups in the OU.

>>I would be grateful for any help you can offer.

>>Marc McHale
>>Crofton Anne Dale Junior School
>>UK

>>.

>.



Tue, 22 Feb 2005 06:53:40 GMT  
 Setting pasword to never expire on multiple user accounts in win 2k
I'm going to guess that the bit in red (which doesn't show
up) is the AdsPath in the GetObject statement. In Active
Directory Users & Computers, my domain looks like this:

Active Directory Users and Computers (server.Mydomain.edu)
|-MyDomain.edu
  |-Builtin
  |-Computers
  |-Domain Controllers
  |-Foreign Security  Principals
  |-School
  | |-Administration
  | |-Faculty
  | |-Students
  |-Users

To bind to the "Students" OU, I use:

Set objContainer = GetObject
("LDAP://ou=Students,ou=School,dc=MyDomain,dc=edu")

"Students" and "School" are OU's, but "Users" is a
container. To bind to the "users" container:

Set objContainer = GetObject
("LDAP://cn=users,dc=MyDomain,dc=edu")

In OU=Students, one of the user objects is bGin. To bind
to this:

Set objUser = GetObject
("LDAP://cn=bGin,ou=Students,ou=School,dc=MyDomain,dc=edu")

If bGin were in the "Users" container, I would use:

Set objUser = GetObject
("LDAP://cn=bGin,cn=users,dc=MyDomain,dc=edu")

I hope this helps.

Richard

Quote:
>-----Original Message-----
>I am running a school network of 50 computers running

windows 98 attached to
Quote:
>a windows 2000 server.  I need to change all the

children's user account so
Quote:
>that the password never expires.  I have my users grouped
into OU's by year
>group and into class groups in the OU.

>I Have managed to find a script that does the job I'm
after, but now am
>stuck on where to go from now.

>The script sets the password to never expire.

>How would I modify this script to apply to all the users
in a certain group?

>The Script-

>Const ADS_UF_DONT_EXPIRE_PASSWD = &h10000

>Set objUser = GetObject _
>    ("LDAP://cn=myerken,ou=management,dc=fabrikam,dc=com")
>intUAC = objUser.Get("userAccountControl")

>If ADS_UF_DONT_EXPIRE_PASSWD AND intUAC Then
>    Wscript.echo "Already enabled"
>Else
>    objUser.Put "userAccountControl", intUAC XOR _
>    ADS_UF_DONT_EXPIRE_PASSWD
>    objUser.SetInfo
>    WScript.echo "Password never expires is now enabled"
>End If

>What does the bit in red do?  Do I have to modify this to
my servers
>settings, if so what does CN, OU and DC mean?  I presume
OU means
>organisational Unit and DC means Domain Controller. I

have my users grouped

- Show quoted text -

Quote:
>into OU's by year group and into class groups in the OU.

>I would be grateful for any help you can offer.

>Marc McHale
>Crofton Anne Dale Junior School
>UK

>.



Tue, 22 Feb 2005 07:24:43 GMT  
 
 [ 4 post ] 

 Relevant Pages 

1. setting user accounts to expire

2. Set "Password never expires" on NT/2K User account using only WSH/VBSCRIPT!

3. Scripts to import lots of users to Win 2k

4. Multiple User Accounts using script

5. setting password to multiple account in AD

6. Script to set passwdAge to 0 for each user account

7. Setting Up and Changing User Accounts

8. Win2000 - setting up users and email accounts in active directory

9. automatic create user account, computer account in 2000 server

10. Change Service account User Account and Password

11. Help with creating list of User accounts and then determining Account status

12. Automate Account Expires property

 

 
Powered by phpBB® Forum Software