You want to set the password for a user.
Open the Active Directory Users and Computers snap-in.
In the left pane, right-click on the domain and select Find.
Select the appropriate domain beside In.
Type the name of the user beside Name and click Find Now.
In the Search Results, right-click on the user and select Reset Password.
Enter and confirm the new password.
This command changes the password for the user specified by <UserDN>. Using * after the -pwd option prompts you for the new password. You can replace * with the password you want to set, but it is not a good security practice since other users that are logged into the machine may be able to see it.
> dsmod user <UserDN> -pwd *
' This code sets the password for a user. ' ------ SCRIPT CONFIGURATION ------ strUserDN = "<UserDN>" ' e.g. cn=jsmith,cn=Users,dc=rallencorp,dc=com strNewPasswd = "NewPasword" ' ------ END CONFIGURATION --------- set objUser = GetObject("LDAP://" & strUserDN) objUser.SetPassword(strNewPasswd) Wscript.Echo "Password set for " & objUser.Get("cn")
The password for a user is stored in the unicodePwd attribute. You cannot directly modify that attribute, but have to use one of the supported APIs. See Recipe 6.18 to see how to set the password using native LDAP and Recipe 6.19 for changing the password via Kerberos.
With the VBScript solution, you can use the IADsUser::SetPassword method or IADsUser::ChangePassword. The latter requires the existing password to be known before setting it. This is the method you'd want to use if you've created a web page that accepts the previous password before allowing a user to change it.
Recipe 6.18 for setting the password via LDAP, Recipe 6.19 for setting the password via Kerberos, MS KB 225511 (New Password Change and Conflict Resolution Functionality in Windows), MS KB 264480 (Description of Password-Change Protocols in Windows 2000), MSDN: IADsUser::SetPassword, and MSDN: IADsUser::ChangePassword