Recipe 6.17 Setting a User's Password
You want to set the password for a user.
188.8.131.52 Using a graphical user interface
184.108.40.206 Using a command-line interface
This command changes the password for the user specified by <UserDN>. Using * after the -pwd option prompts you for the new password. You can replace * with the password you want to set, but it is not a good security practice since other users that are logged into the machine may be able to see it.
> dsmod user <UserDN> -pwd *
220.127.116.11 Using VBScript
' This code sets the password for a user. ' ------ SCRIPT CONFIGURATION ------ strUserDN = "<UserDN>" ' e.g. cn=jsmith,cn=Users,dc=rallencorp,dc=com strNewPasswd = "NewPasword" ' ------ END CONFIGURATION --------- set objUser = GetObject("LDAP://" & strUserDN) objUser.SetPassword(strNewPasswd) Wscript.Echo "Password set for " & objUser.Get("cn")
The password for a user is stored in the unicodePwd attribute. You cannot directly modify that attribute, but have to use one of the supported APIs. See Recipe 6.18 to see how to set the password using native LDAP and Recipe 6.19 for changing the password via Kerberos.
With the VBScript solution, you can use the IADsUser::SetPassword method or IADsUser::ChangePassword. The latter requires the existing password to be known before setting it. This is the method you'd want to use if you've created a web page that accepts the previous password before allowing a user to change it.
6.17.4 See Also
Recipe 6.18 for setting the password via LDAP, Recipe 6.19 for setting the password via Kerberos, MS KB 225511 (New Password Change and Conflict Resolution Functionality in Windows), MS KB 264480 (Description of Password-Change Protocols in Windows 2000), MSDN: IADsUser::SetPassword, and MSDN: IADsUser::ChangePassword