|
|
|||||||
I'm trying to use ADSI code in a Kixtart script, to set accounts so that the user must change the password at next login. Here is an article that shows how to do it in VBScript: Configuring a Password Change at Next Logon Requirement Here is the Kixtart code: code:This is the error that occurs on the line that says: $Domain.Put "pwdLastSet",0$Domain = GetObject("LDAP://" + $DN[0]) ERROR : unexpected command! Script: C:\KiX2001.421\test2.kix Line : 40 What do I need to do to make this work? [ 28. October 2003, 19:19: Message edited by: Everyone ] |
||||||||
|
|
|||||||
Try... code:$Domain = GetObject("LDAP://" + $DN[0]) |
||||||||
|
|
|||||||
Try using parens... $Domain.Put("pwdLastSet",0) |
||||||||
|
|
|||||||
Have you tried $Domain.Put('pwdLastSet',0) or $domain.pwdLastSet=0 ? |
||||||||
|
|
|||||||
I tried $Domain.Put("pwdLastSet",0), that didn't return an error, but it didn't set the attribute either. I will try $domain.pwdLastSet=0 |
||||||||
|
|
|||||||
$domain.pwdLastSet=0 doesn't return an error, however it doesn't set the attribute. |
||||||||
|
|
|||||||
Do this then: $ADSUser.Put("PasswordExpired", 1) $ADSUser.SetInfo |
||||||||
|
|
|||||||
quote:That gives an "expected expression!" error, unles I change $ADSUser to $Domain. If I change it to $Domain, it does nothing. |
||||||||
|
|
|||||||
This code works for me and has been verified via the GUI. Are you binding to the same DC with the script as you are with the GUI? [ 28. October 2003, 20:02: Message edited by: Howard Bullock ] |
||||||||
|
|
|||||||
Hmm, try this then. [ 28. October 2003, 20:04: Message edited by: Richard Farthing ] |
||||||||
|
|
|||||||
And do you have 2 domain controllers, maybe you need to do a manual replication. |
||||||||
|
|
|||||||
scary how you boys got same time there in the initial replies... |
||||||||
|
|
|||||||
Ahh I didn't even think to check the error message.. I know why it isn't working now.. SetInfo: -2147352567 COM exception error "SetInfo" (Active Directory - General access denied error) [-2147352567/80020009] Our AD is set up weird. We have to use this Enterprise Directory Manager tool to make any changes now. The tool is bound to an account... and the account it is bound to is the only one that has access to make changes to objects in the directory. I completely forgot about that. |