Scripting Question

[TheBigEye]

I originally put this in the wrong forum.... my apologies.

I have a script that I put together from resources on the net and it works.... well partially works. I need to reset the password for about 230 user accounts. If I put all of the accounts in the same OU, then the script I have will work... the problem is that all of the users are not in the same OU. They are all in a child OU of the root OU. IE: domain.local and then I have OU1, ou2, ou3, ou4 (ou2, 3 and 4 are child OU's of OU1). I tried to modify the script to drill down, but run into errors each time.... anyway... here's the script... anybody see any problems??? As is pasted below works, but only on the main OU.... I can't seem to figure out how to get it to drill down to the child OU's.

' --------------------------------------------------------------' 
Option Explicit
Dim objOU, objUser, objRootDSE, objShell
Dim strContainer, strLastUser, strDNSDomain, strPassword 
Dim intPwdValue, intCounter, intAccValue

' Bind to Active Directory Domain
Set objRootDSE = GetObject("LDAP://RootDSE") 
strDNSDomain = objRootDSE.Get("DefaultNamingContext") 

strContainer = "OU=Students, "
strPassword = "TRq@d2008"
intAccValue = 512
strContainer = strContainer & strDNSDomain

set objOU =GetObject("LDAP://" & strContainer )
intCounter = 0
	For each objUser in objOU
		  If objUser.class="user" then
		  objUser.Put "userAccountControl", intAccValue
		  objUser.SetInfo
		  intCounter = intCounter +1
		  strLastUser = objUser.Get ("name")
		  End if
	   next
intPwdValue = 0 

set objOU =GetObject("LDAP://" & strContainer )
For each objUser in objOU
If objUser.class="user" then
objUser.SetPassword strPassword
objUser.Put "PwdLastSet", intPwdValue
objUser.SetInfo
End If
Next 

'Set objShell=CreateObject("WScript.Shell")
'objShell.Run "%systemroot%\system32\dsa.msc"
WScript.Echo intCounter & " Accounts Enabled. Value " _
& intAccValue

WScript.Quit

[IcemanND]

this will list all the users in an OU and it's sub OU's. A little modification of it or yours and you should be set.

On Error Resume Next

 Const ADS_SCOPE_SUBTREE = 2

 Set objConnection = CreateObject("ADODB.Connection")
 Set objCommand =   CreateObject("ADODB.Command")
 objConnection.Provider = "ADsDSOObject"
 objConnection.Open "Active Directory Provider"
 Set objCommand.ActiveConnection = objConnection

 objCommand.Properties("Page Size") = 1000
 objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE 

 objCommand.CommandText = _
	 "SELECT Name FROM 'LDAP://ou=finance,dc=fabrikam,dc=com' WHERE objectCategory='user'"  
 Set objRecordSet = objCommand.Execute

 objRecordSet.MoveFirst
 Do Until objRecordSet.EOF
	 Wscript.Echo objRecordSet.Fields("Name").Value
	 objRecordSet.MoveNext
 Loop

Also you seem to have some duplicated work going on in your script. This could be simplified

set objOU =GetObject("LDAP://" & strContainer )
 intCounter = 0
	 For each objUser in objOU
		   If objUser.class="user" then
		   objUser.Put "userAccountControl", intAccValue
		   objUser.SetInfo
		   intCounter = intCounter +1
		   strLastUser = objUser.Get ("name")
		   End if
		next
 intPwdValue = 0

 set objOU =GetObject("LDAP://" & strContainer )
 For each objUser in objOU
 If objUser.class="user" then
 objUser.SetPassword strPassword
 objUser.Put "PwdLastSet", intPwdValue
 objUser.SetInfo
 End If
 Next

to this:

set objOU =GetObject("LDAP://" & strContainer )
 intCounter = 0
	 For each objUser in objOU
		   If objUser.class="user" then
			   objUser.Put "userAccountControl", intAccValue
			   objUser.SetPassword strPassword
			   objUser.Put "PwdLastSet", intPwdValue
			   objUser.SetInfo
			   intCounter = intCounter +1
			   strLastUser = objUser.Get ("name")  ' not sure what this is doing here.  seems to not be use anywhere else
		   End if
		next
 intPwdValue = 0

[TheBigEye]

Where does your script set a password and then force the user to change the password as well as enable the account?

[IcemanND]

My script at the top of my last post does not. It was just an example of a way to get all of the users in an OU and its sub OU's, pulled off of the Scripting Guys web site, from the questions they have answered in the past.

http://www.microsoft.com/technet/scriptcen...05/hey1013.mspx

Some incorporation and modification of scripts would still be required.

Set password to expire:

http://www.microsoft.com/technet/scriptcen...07/hey0516.mspx

Set new password:

http://www.microsoft.com/technet/scriptcen...06/hey1214.mspx