-1

I have 1000 users I need to change the password for to a known password for a migration tool (GroupWise to Exchange). I do not have any of the existing passwords. How do I change the password for 1000 GroupWise users via batch using LDAP or other medium?

bro
  • You write a script. `man ldapmodify` is a place to start. – Jenny D Sep 25 '14 at 07:39
  • @Jenny D ldapmodify appears to require the existing password? http://onlineappsdba.com/index.php/2011/01/23/how-to-update-user-password-in-oid-single-account-or-bulk-command-line-or-gui/ – bro Sep 25 '14 at 08:46
  • @bro: What in the article you linked gives you this impression? If you are authenticated to the directory with a user who has change permissions on all password fields (aka an admin), you just need the new password. – Sven Sep 25 '14 at 08:55

3 Answers

1

If you can run PowerShell you could use the `Set-ADAccountPassword` cmdlet with the `Reset` flag so it ignores the "OldPassword" input requirement:

http://technet.microsoft.com/en-us/library/ee617261.aspx

Snippet:

When you specify the Reset parameter, the password is set to the NewPassword value that you provide and the OldPassword parameter is not required.

If only LDAP tools are a good way to approach it:

You do not need to give the "old" password in the LDAPMODIFY tool.

```
dn: uid=def,dc=example,dc=com
changetype: modify
replace: userPassword
userPassword: another-new-password
```

This will work as on the string: "replace: userPassword" they are not asking for the current / old password but only indicating what they are modifying.

Hope this is of help,

regards

Entity_Razer
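The bulk form of the `replace: userPassword` record above, as an added example that is not part of the original answer: it emits one record per DN and base64-encodes any DN or password that LDIF cannot carry as plain text. The DNs, the password and the function names are made up for the example.

```python
import base64
import os
import re

# RFC 2849 SAFE-STRING: the first character must not be space, ':' or '<';
# NUL, CR, LF and non-ASCII are not allowed anywhere in the value.
_SAFE = re.compile(r"[\x01-\x09\x0b\x0c\x0e-\x1f\x21-\x39\x3b\x3d-\x7f]"
                   r"[\x01-\x09\x0b\x0c\x0e-\x7f]*")

# Constructed sample input: these DNs and this password are made up.
SAMPLE_DNS = ["uid=def,dc=example,dc=com", "uid=José Núñez,dc=example,dc=com"]
SAMPLE_PASSWORD = "Migr8:Temp pass "  # the trailing space forces base64


def ldif_line(attr, value):
    """Return 'attr: value', or 'attr:: <base64>' if value is not LDIF-safe."""
    if _SAFE.fullmatch(value) and not value.endswith(" "):
        return f"{attr}: {value}"
    encoded = base64.b64encode(value.encode("utf-8")).decode("ascii")
    return f"{attr}:: {encoded}"


def build_reset_ldif(dns, new_password):
    """Build one modify record per DN that replaces userPassword."""
    if not new_password:
        raise ValueError("refusing to write an empty password")
    records = []
    for dn in (d.strip() for d in dns):
        if "=" not in dn:  # cheap sanity check, not a full DN parser
            raise ValueError(f"not a DN: {dn!r}")
        records.append("\n".join([
            ldif_line("dn", dn),
            "changetype: modify",
            "replace: userPassword",
            ldif_line("userPassword", new_password),
            "-",
        ]))
    return "version: 1\n\n" + "\n\n".join(records) + "\n"


def write_private(path, text):
    """Write the LDIF with mode 0600 and fail if the file already exists."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w", encoding="ascii") as fh:
        fh.write(text)


if __name__ == "__main__":
    print(build_reset_ldif(SAMPLE_DNS, SAMPLE_PASSWORD), end="")
```

The resulting file is what `ldapmodify -f` reads while bound as an account with rights to change passwords. It holds the password in clear text, hence the 0600 mode; delete it once the import is done.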
0

If you want the users to be able to maintain their old password, here's a (kinda sneaky) way that you do that... it is perhaps rather unconventional (for legitimate uses).

If you have something that people [have to] sign into with a username and password, and you are able to modify the code of what is reading in their password, then you could do the following:

  • with plenty of time before you switch systems:
    • assuming that user logs into an application/website that takes their username and password,
    • alter the application to:
      • read in the username and password from the user;
      • check the password that it matches;
      • do a strength-test so it prevents propagating weak passwords;
      • (silently) sets the user's password in the new directory to the same password -- this requires rights appropriate to do so;
      • logs the user into the application.

When it gets time to switch, remove this code, and educate users that they may have to get their password changed.

As you can see, it does somewhat borrow on less-honest techniques that might be used in a phony website, but could pay off in having fewer users to have to change passwords for. [It's also a good illustration of why something like SSO systems such as SAML, with some user education, are helpful in helping to prevent phishing attacks.]

Cameron Kerr
0

Please do the following. Log in to iManager; if it is installed, you will find it at https:///nps

Login as Admin or with equivalent rights.

Go to the eDirectory Maintenance menu and run the Import, Convert, Export Agent (ICE) to export an LDIF file.

Then you follow this TID https://www.novell.com/support/kb/doc.php?id=7003319

and, after you have modified the file, you will import it by the same procedure.

If you use this way, you can always run a dry run, to check if your syntax is correct. Tell me if you need any further information on this.