Thursday, October 8, 2015

Mass reset Active Directory users's password remotely using python

In Microsoft Windows Server 2008 (Active Directory Domain Controller), you can reset a user password using command prompt with dsmod:

dsmod user <user dn> -pwd new_password

What if you want to do it from remote? Python and Paramiko module will help:

1. In the Active Directory domain controller, install cygwin with ssh module. Create a ssh user.

2. Still in the Active Directory domain controller, export the user's dn list to a csv file using command prompt:

dsquery user "ou=MyUser,dc=my,dc=domain,dc=com" | dsget user -samid -fn -ln -dn > myusers.csv

3. Open names.csv, add a column name "password" and fill in new password for all the user. Save and copy it to your computer.

4. In your computer (I'm running Ubuntu 14.04), install all the paramiko python module:

$ sudo pip install paramiko

then run this python script:



$ python mass_reset_ad_passwd.py /path/to/myusers.csv