Change passwords for all accounts with password older than 90 days
Top  Previous  Next


This example works on all Windows server versions - from NT 3.51 up to 2003. The Data.Get.SAM command fills the [Data] section with all accounts from the server. The If..Then..Else..EndIf statements with Data.Row.Delete commands removes accounts that should not be changed from the [Data] section. Passwords are generated automatically with the password generator. The Data.Show command shows accounts and passwords in a preview dialog before changing anything. The SamAccount command Account.Edit.Password is used to change passwords.

Script

[Settings_Begin]
BatchSettings.Delimiter=;
BatchSettings.MarkerCol=18
BatchSettings.MarkersAutoRemove=Yes

SET ExcludeList=Administrator§Guest§krbtgt§TsInternetUser§IUSR_EDU8§IWAM_EDU8§

//Password Generator Settings 
Generator.Password.DestCol=17
Generator.Password.Special.Vowels=aeiouy 
Generator.Password.Special.Consonants=bcdfghjklmnpqrstvwxz 
Generator.Password.Special.Numbers=0123456789 
Generator.Password.Special.Special=-+#¤%"!%& 
Generator.Password.Special.Format=rnBababas 

[Settings_End]

[Machines_Begin] 
\\EDU8      NT PDC    
[Machines_End] 

[Init_Batch_Begin]
Data.Get.SAM \\EDU8   
Data.Save c:\data.txt   
Data.Loop       
  If MultiCompare (%col1%,%ExcludeList%)=1 Then   
   Data.Row.Delete
 EndIf       
Data.EndLoop      
Data.Loop       
 If %col3%<90 Then       
   Data.Row.Delete    
 EndIf   
Data.EndLoop   
If %RowsTotal% = 0 Then       
 MessageBox No accounts found.   
 QuitBatch       
EndIf       
Data.Passwords.Generate Special   
Data.Show   
[Init_Batch_End]

[Batch_Begin] 
Data.Loop       
 Account.Edit.Password %col1%,%col17%   
Data.Endloop       
[Batch_End] 

[Data_Begin]
[Data_End]

How to use the script

·[Settings]: Edit the rows that begins with "Generator.Password.Special." - you should create your own strings for safer passwords.  
·[Settings]: Edit ExcludeList, fill the list with accounts that should not be edited no matter how old the password is. Notice: each item must end with "§".  
·[Machines: Replace "EDU8" with the name of your server.  
·[Init] Replace "EDU8" in the "Data.Get.SAM" command with the name of your server.  
·Click "Run Batch".  
·Click "Save" to save the script. The file should be stored on a removable media and kept in a safe place.  

Tip

Print password sheets by using the print data section function.