This script gives an example on how to use Python COM to instantiate an ADSI object and change a NT user's password.
| Python |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 | import pythoncom
import win32com.client
class NTUser:
# Uses ADSI to change password under user privileges
def __init__(self, userid):
self.adsiNS = win32com.client.Dispatch('ADsNameSpaces')
Userpath = "WinNT://DOMAIN/" + userid + ",user"
self.adsNTUser = self.adsiNS.GetObject("", Userpath)
def reset(self, OldPasswd, NewPasswd):
self.adsNTUser.ChangePassword(OldPasswd, NewPasswd)
# You could use the following instead if you're running under admin privileges
# self.adsNTUser.SetPassword(NewPasswd)
print "NT Password change was successful."
try:
nt = NTUser(account)
nt.reset(OldPassword, NewPassword)
except pythoncom.com_error, (hr, msg, exc, arg):
scode = hex(exc[5])
print "NT Password change has failed."
if (scode == "0x8007005"):
print "Your NT Account is locked out."
elif (scode == "0x80070056"):
print "Invalid Old NT Password."
elif (scode == "0x800708ad"):
print "The specified NT Account does not exist."
elif (scode == "0x800708c5"):
print "Your new password cannot be the same as any of your previous passwords."
print "Your new password must also meet the domain's password uniqueness policy."
else:
print "ADSI Error - %s: %s, %s\n" % (hex(hr), msg, scode)
|
Discussion
This could be used to roll your own password change program. I am currently using it as part of a multiplatform password changing utility to help user's keep their passwords in sync.
Also goes to show that you don't need VBScript to manipulate ADSI!
Comments
Manipulating NT User Information with PERL (No ADSI). Does anyone have a library that will supply access to the NT User Database on an NT4 server that does not run ADSI?
TIA Adrian
Sign in to comment