Beefy Boxes and Bandwidth Generously Provided by pair Networks
Don't ask to ask, just ask

Re: Change AD password

by Paladin (Priest)
on May 31, 2006 at 15:06 UTC ( #552818=note: print w/replies, xml ) Need Help??

in reply to Change AD password

You can also do this from a non-Windows machine (without Win32). AD can be accessed through LDAP. I use the following at work. You'll have to change some of the specifics for your particular situation. (i.e. The DN, and the username and password to bind with)

Note: This was cut from a larger script, so there may be a bit here or there missing.

use strict; use warnings; use Net::LDAP; use Unicode::Map8; use Unicode::String qw(utf16); my $defaultpass = 'default'; my $cn = 'Person to Change'; my $baseDN = "OU=GENERAL USERS,OU=USERS,DC=FOO"; my $ldap = Net::LDAP->new( 'ldaps://' ) or return; $ldap->bind( "cn=$uid,$baseDN", password => "$password"); my $searchDN = "OU=GENERAL USERS,OU=USERS,DC=FOO"; my $mesg = $ldap->search( # perform a search base => "$searchDN", filter => "(&(objectCategory=person)(cn=$cn +))", ); if ($mesg->entries != 1) { print "ERROR: Too many or too few users found"; $ldap->unbind; exit; } foreach my $entry ($mesg->entries) { # build the conversion map from your local character set to Unicod +e my $charmap = Unicode::Map8->new('latin1') or die; # surround the PW with double quotes and convert it to UTF-16 # byteswap() was necessary in experiments on i386 Linux, YMMV my $newUniPW = $charmap->tou(qq/"$newpass"/)->byteswap()->utf16(); $entry->replace(unicodePwd => $newUniPW); # Require pass change on next login $entry->replace(pwdLastSet => 0); # Update LDAP Entry my $msg = $entry->update($ldap); $msg->sync; if ($msg->is_error()) { print $msg->error_text(); $ldap->unbind; exit; } else { print "Password reset to $newpass"; } }

Replies are listed 'Best First'.
Re^2: Change AD password
by rhymejerky (Beadle) on May 31, 2006 at 17:35 UTC
    I have used Net::LDAP to change password in Oracle Internet Directory and Sun1 Directory, but not AD. I am unsure about changing AD password via this module because of how AD password is encrypted. Were you able to do this using this module?
      I took this from a script that, among other things, changes users passwords in AD. It does work here.

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://552818]
[marto]: time for coffee

How do I use this? | Other CB clients
Other Users?
Others about the Monastery: (8)
As of 2018-05-21 08:16 GMT
Find Nodes?
    Voting Booth?