This script gives an example on how to use Python COM to instantiate an ADSI object and change a NT user's password.
Python, 37 lines
Download
Copy to clipboard1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 | import pythoncom
import win32com.client
class NTUser:
# Uses ADSI to change password under user privileges
def __init__(self, userid):
self.adsiNS = win32com.client.Dispatch('ADsNameSpaces')
Userpath = "WinNT://DOMAIN/" + userid + ",user"
self.adsNTUser = self.adsiNS.GetObject("", Userpath)
def reset(self, OldPasswd, NewPasswd):
self.adsNTUser.ChangePassword(OldPasswd, NewPasswd)
# You could use the following instead if you're running under admin privileges
# self.adsNTUser.SetPassword(NewPasswd)
print "NT Password change was successful."
try:
nt = NTUser(account)
nt.reset(OldPassword, NewPassword)
except pythoncom.com_error, (hr, msg, exc, arg):
scode = hex(exc[5])
print "NT Password change has failed."
if (scode == "0x8007005"):
print "Your NT Account is locked out."
elif (scode == "0x80070056"):
print "Invalid Old NT Password."
elif (scode == "0x800708ad"):
print "The specified NT Account does not exist."
elif (scode == "0x800708c5"):
print "Your new password cannot be the same as any of your previous passwords."
print "Your new password must also meet the domain's password uniqueness policy."
else:
print "ADSI Error - %s: %s, %s\n" % (hex(hr), msg, scode)
|
This could be used to roll your own password change program. I am currently using it as part of a multiplatform password changing utility to help user's keep their passwords in sync.
Also goes to show that you don't need VBScript to manipulate ADSI!
Tags: sysadmin
Manipulating NT User Information with PERL (No ADSI). Does anyone have a library that will supply access to the NT User Database on an NT4 server that does not run ADSI?
TIA Adrian