Wednesday, August 27, 2014

Mass reset ActiveDirectory accounts password using the "LTB Self Service Password"

LTB Self Service Password is a small web applications written in php to delegate administrative tasks to users. It is a part of the LTB project (http://ltb-project.org/wiki/). The main functionality of this app is to help the users to self-reset their own Active Directory account's password, but you can leverage its utility functions (php script) to access the Active Directory service.

One of the advantages of using the LTB Self Service Password functions is mass resetting a group of AD accounts's password. Here is the working snippet (I used Python to load the accounts list because of the easiness of the csv module):

Firstly, make sure that you have installed php5-ldap lib:

$ sudo apt-get install php5-ldap


massreset.php



wrapper.py



accounts.csv

student_number,lastname,firstname,username
123,Super, Cool,username1
456,Ultra,Awesome,username2
789,Wonder,Who,username3


So, to mass reset password of all the users in accounts.csv, run the following command:

$ python wrapper.py