Windows IT Pro is the leading independent community for IT professionals deploying Microsoft Windows server and client applications and technologies.
  
  

Q. How can I create a Web page where users can change their passwords?
 

A. You can write an Active Server Pages (ASP) script that creates a password-change Web page. ASP gives you complete access to Microsoft Active Directory Service Interfaces (ADSI), which lets you perform a variety of functions, such as changing passwords or creating accounts. When you write such a script, you must consider factors such as the user account under which the script will run and the permissions you want to use when the script runs. The basic ADSI command to change a user's password is

set usr = GetObject("LDAP://CN=John Savill,CN=Users,DC=savilltech,DC=com")
usr.put "userPassword", NewPassword
usr.SetInfo

The first line assigns a handle to user John Savill in domain savilltech.com. The next line puts the text NewPassword into the userPassword attribute. The final line, SetInfo, commits the change to the directory; Put by itself only updates the local ADSI property cache.

I've written a short ASP script called Changepass.asp that prompts the user to enter a username and password (remember to change the domain from savilltech.com to your domain). Changepass.asp is listed below.

<%
' Read the submitted form fields (all empty on the first request).
strUserCN = request.form("cn")
strNewPassword = request.form("newpass")
strPassVerify = request.form("passverify")

if strUserCN = "" then
    ' No CN submitted yet: show the password form.
    response.write "<html><head><title>Change Password</title></head><body>"
    response.write "<center><h1>Web Password Reset</h1></center>"
    response.write "<hr><br><br><form method=post action=changepass.asp><table>"
    response.write "<tr><td>CN: </td><td><input type=text name=cn></td></tr>"
    response.write "<tr><td>New Password: </td><td><input type=password name=newpass></td></tr>"
    response.write "<tr><td>Verify Password: </td><td><input type=password name=passverify></td></tr>"
    response.write "<tr><td colspan=2 align=center><input type=submit value='Reset Password'></td></tr>"
    response.write "</table></form></body></html>"
    response.end
else
    if strNewPassword = strPassVerify then
        ' Bind to the user object under CN=Users in the domain.
        set usr = GetObject("LDAP://CN=" & strUserCN & ",CN=Users,DC=savilltech,DC=com")
        usr.put "userPassword", strNewPassword
        ' Put only updates the local property cache; SetInfo writes the change to the directory.
        usr.SetInfo

        response.write "<html><head><title>Results</title></head><body>"
        response.write "<center><h1>Update Results</h1></center><hr><br><br>"
        ' HTML-encode the submitted CN before echoing it back to the browser.
        response.write Server.HTMLEncode(strUserCN) & ": password was successfully updated"
        response.write "</body></html>"
        response.end
    else
        ' The two password fields differ: report the error.
        response.write "<html><head><title>Error!</title></head><body>"
        response.write "<center><h1>An Error Has Occurred!</h1></center>"
        response.write "<hr><br><br>"
        response.write "The password and confirmation do not match. Please go back and try again."
        response.write "</body></html>"
        response.end
    end if
end if
%>

Windows Server 2003 provides its own Web pages for password changes, which I discuss in the FAQ "Does Windows Server 2003 provide a way to let users change their passwords remotely on the Web?". However, you might find the sample ASP script useful for creating password-change interfaces on your own Web pages or sites.
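
A hardened variant of the POST handler, added here as an example and not part of the original Changepass.asp: it refuses requests that did not arrive over HTTPS, requires the old password and passes it to IADsUser's ChangePassword, escapes the submitted CN before it goes into the LDAP path, and HTML-encodes what it writes back. The oldpass form field and the EscapeRdnValue helper are hypothetical names, and the example assumes the account the script runs as is allowed to bind to the directory.

```asp
<%
Option Explicit

' Hypothetical helper: backslash-escape characters that are special in an
' LDAP distinguished name or an ADSI path, so a submitted CN stays one RDN value.
Function EscapeRdnValue(s)
    Dim i, ch, out
    out = ""
    For i = 1 To Len(s)
        ch = Mid(s, i, 1)
        If InStr(",+""\<>;=/", ch) > 0 Or (ch = "#" And i = 1) _
           Or (ch = " " And (i = 1 Or i = Len(s))) Then
            out = out & "\"
        End If
        out = out & ch
    Next
    EscapeRdnValue = out
End Function

Dim strUserCN, strOldPassword, strNewPassword, strPassVerify, usr, strResult
strUserCN      = Request.Form("cn")
strOldPassword = Request.Form("oldpass")      ' assumed extra form field
strNewPassword = Request.Form("newpass")
strPassVerify  = Request.Form("passverify")

If LCase(Request.ServerVariables("HTTPS")) <> "on" Then
    strResult = "Passwords are only accepted over HTTPS."
ElseIf strUserCN = "" Or strOldPassword = "" Or strNewPassword = "" Then
    strResult = "CN, old password and new password are all required."
ElseIf strNewPassword <> strPassVerify Then
    strResult = "The password and confirmation do not match."
Else
    On Error Resume Next
    Set usr = GetObject("LDAP://CN=" & EscapeRdnValue(strUserCN) & _
                        ",CN=Users,DC=savilltech,DC=com")
    ' ChangePassword has the directory verify the old password itself.
    If Err.Number = 0 Then usr.ChangePassword strOldPassword, strNewPassword
    If Err.Number = 0 Then
        strResult = "Password was successfully updated."
    Else
        ' One message for unknown CN, wrong old password and policy rejection.
        strResult = "The password could not be changed."
    End If
    On Error GoTo 0
End If

Response.Write "<html><head><title>Change Password</title></head><body><p>" & _
               Server.HTMLEncode(strResult) & "</p></body></html>"
%>
```

The form written by Changepass.asp would need a matching password input named oldpass for this handler to receive the old password.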







Reader Comments

I think this is very informative and now I can use this for my project at school. I have to create a web site and I will be able to let people change their passwords on my site. Thanx

Farron Jasso -April 26, 2004

Your Script is not working....I wonder why?? This is what I am getting:

The page cannot be displayed
There is a problem with the page you are trying to reach and it cannot be displayed.

Please try the following: Click the Refresh button, or try again later. Open the cserver home page, and then look for links to the information you want.

HTTP 500.100 - Internal Server Error - ASP error
Internet Information Services

Technical Information (for support personnel)
Error Type: (0x80072030)
/changepass.asp, line 20
Browser Type: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; DigExt; Hotbar 4.4.2.0)
Page: POST 41 bytes to /changepass.asp
POST Data: cn=affan&newpass=affan1&passverify=affan1
Time: Wednesday, April 28, 2004, 10:51:54 AM
More information: Microsoft Support

Affan -April 28, 2004

usr.put "userPassword", strNewPassword should be changed to:

usr.ChangePassword oldpassword, newpassword

So that AD will change (and encrypt) the user's password. You may want to check out the MSDN library's article on the IADsUser::ChangePassword function because the usr object is an IADsUser object. http://msdn.microsoft.com/library/en-us/adsi/adsi/iadsuser_changepassword.asp

Erik Pitti -April 30, 2004

We thought about following this type of development in house for providing password changes, but found that we really needed to address the bigger issue - password resets and lockouts. Changing passwords was secondary to our problem. We spec'd out what our needs were by working with our help desk / IT team and decided we should look at commercial products to see what they offered before we set out to build this. We found a very cool product called Password Station by Avatier. Not only did this solve a security issue that we feared could put us in, but it installed in 30 minutes, had a great interface, built completely with .NET and supported AD along with some other platforms that we needed to connect and sync to. One of the other things that we liked was that if the end-user cannot get to a browser, they can make a call and get their password reset via the phone with Password Station. I say that if you don't have time to build this or want something that will solve your problems in a DAY - then get this. They gave us a free cost analysis that showed the payback in less than 2 months. We wanted to have something secure - and if NASA uses this then we figured it was beyond secure!

David Lee -May 05, 2004

This is great; however, I would like to change the passwords for a user that can be within any OU. Is there any way of getting the user's OU from the username entered on the web page?

briantrebs -October 11, 2004

Or better still a dropdown list of users in the domain?

briantrebs -October 11, 2004

IT DOES NOT WORK!! PLEASE TELL ME WHAT TO DO TO MAKE IT WORK

Anonymous User -July 19, 2005

I get an error at the set usr = ... line - is this down to permissions?

squarefish -January 03, 2006

I copy an ASP code that works below. However, I'm seeking a code where the user needs to type their old password to verify the user. Hope anyone could tell what was wrong here?! Thanks.

<%
strUserCN = request.form("cn")
strOpassword = request.form("oldpass")
strNewPassword = request.form("newpass")
strPassVerify = request.form("passverify")

if strUserCN="" then
    response.write "<html><head><title>Change Password</title></head><body>"
    response.write "<center><h1>Web Password Reset</h1></center>"
    response.write "<hr><br><br><form method=post action=changepass.asp><table>"
    response.write "<tr><td>CN: </td><td><input type=text name=cn></td></tr>"
    response.write "<tr><td>Old Password: </td><td><input type=password name=oldpass></td></tr>"
    response.write "<tr><td>New Password: </td><td><input type=password name=newpass></td></tr>"
    response.write "<tr><td>Verify Password: </td><td><input type=password name=passverify></td></tr>"
    response.write "<tr><td colspan=2 align=center><input type=submit value='Reset Password'></td></tr>"
    response.write "</table></body></html>"
    response.end
else
    set usr = GetObject("LDAP://CN=" & strUserCN & ",CN=Users,DC=savilltech,DC=com")
    if strNewPassword = strPassVerify then
        if usr.userPassword <> strOpassword then
            usr.put "userPassword", strNewPassword
            response.write "<html><head><title>Results</title></head><center><h1>Update Results</h1></center><hr><br><br>"
            response.write strUserCN & ": password was successfully updated"
            response.end
        else
            response.write "<html><head><title>Error!</title></head><body>"
            response.write "<center><h1>An Error Has Occurred!</h1></center>"
            response.write "<hr><br><br>"
            response.write "The password and confirmation do not match. Please go back and try again."
            response.end
        end if
    end if
end if
%>

if strNewPassword = strPassVerify then
if usr.userPassword <> strOpassword then
usr.put "userPassword", strNewPassword

rm.fish -May 31, 2006
 Windows IT Pro is a Division of Penton Media Inc.
 © 2009 Penton Media, Inc. Terms of Use | Privacy Statement