Craig Box's journeys, stories and notes...


Windows Administrator Challenge: Temporary password changes

I've yet to post something so sensational (or trollworthy, or just "noticed by Digg") to build up a loyal readership of thousands. I'm sure it'll come eventually. I need to do a couple of things: pimp myself to various Planets, and decide exactly what it is I write about. Generally, it's "things related to what I'm working on", which may or may not be of interest.

My last plea for help didn't turn anyone up. Here's another one that hopefully Google will one day turn up for someone who is bored and has the knowledge and skill to do this, or I'll get bored myself, and acquire the knowledge and skill to do it. Perhaps when it's cricket season again...

I want a simple add-on for the Active Directory Users & Computers MMC utility that does the following things:

  • Allows you to change a password for a user, and more importantly
  • Saves the original password, so you can reset it later.

No more will you have to ask a user for a password to log into their machine and fix something wrong with their specific profile or operating environment, or change their password and tell them to change it back when you're finished. The script will copy the crypted password to an unused LDAP attribute on the account, and then copy it back when finished - without ever having to know what the password is. By standard means, it's not possible to read the password hash out of AD, so I'm currently seeking help from the newsgroups.

Daniel Petri's help pages have examples on how to extend AD to add options to the context menu for a user, to run VB scripts.
