Changing domain account passwords through the web on Windows Server 2008 R2

Source: Internet
Author: User

1. Preface

IIS on Windows Server 2003 includes the IISADMPWD module, a set of ASP web files that lets users change their domain password through a web page once the module is enabled. IIS 7 on Windows Server 2008 does not include the IISADMPWD module, so the module has to be ported from 2003 to 2008.

2. iisadmpwd File Preparation

1. First find a Server 2003 system and confirm that Internet Information Services (IIS) is installed.

2. Then, on the Server 2003 system, go to the C:\WINDOWS\system32\inetsrv\iisadmpwd directory and copy the iisadmpwd directory and its files to the C:\Windows\SysWOW64\inetsrv directory on the Server 2008 system where the IISADMPWD function is to be installed.

3. Web Server (IIS) / Active Directory Certificate Services Installation

Note: An AD server is used as the example here. The test must be performed on the AD server; otherwise an error is reported: "missing objects".

1. Log on to the server as an administrator and click Start > Administrative Tools > Server Manager > Roles > Add Roles, then tick Web Server (IIS) and Active Directory Certificate Services.

2. When installing Certificate Services, tick "Certification Authority", "Certification Authority Web Enrollment" and "Online Responder".

3. When installing the Web Server (IIS) role, confirm that ASP and IIS 6 Scripting Tools are ticked.

4. Register the iispwchg.dll file in the iisadmpwd directory

1. Run the command prompt as administrator, enter the following command and press Enter:

regsvr32 C:\Windows\SysWOW64\inetsrv\iisadmpwd\iispwchg.dll

5. Configuring the PasswordChangeFlags Property

1. Run the command prompt as administrator, switch to the C:\Inetpub\Adminscripts directory, enter the following command and press Enter;

Note: The PasswordChangeFlags property accepts the following values, which can be combined:

0: Default value; the password is changed over an SSL connection

1: Allow the password to be changed over an unsecured port (for use when SSL is disabled)

2: Disable password changes

4: Disable the password expiration prompt

6. Configure HTTPS

NOTE: If you operate on an Exchange server, you can ignore this step;

1. Click Start > Administrative Tools > Internet Information Services (IIS) Manager to open IIS Manager.

2. Click the server name and double-click "Server Certificates" on the right.

3. Click "Create Self-Signed Certificate" on the right, enter a custom name on the "Create Self-Signed Certificate" page that pops up, and click "OK".

4. Switch to the default website "Default Web Site" and click "Bindings" on the right. On the "Site Bindings" page that pops up, click "Add". In the "Add Site Binding" dialog box, select https as the type and select the newly created IISADMPWD as the SSL certificate, then click "OK" to apply.

7. Publish IISADMPWD

1. Right-click the default website "Default Web Site" and select "Add Application".

2. In the Add Application dialog box, enter "IISADMPWD" as the alias and "C:\Windows\SysWOW64\inetsrv\iisadmpwd" as the physical path, then click OK.

3. In IIS Manager, switch to the "IISADMPWD" application you just created and double-click "Default Document" on the right.

4. Click "Add" on the right, enter "aexp2.asp" and click OK.

5. Return to the "IISADMPWD" application and double-click "SSL Settings" on the right.

6. Tick "Require SSL" and click "Apply" on the right.

8. Change the password through the web page

1. In the browser, enter https://127.0.0.1/iisadmpwd/ and press Enter, then enter the user name, password and new password to test changing the password.

2. If the prompt "password is too short, or does not meet the password uniqueness limit" appears, the new password does not satisfy the relevant domain policy. Enter a password that meets the requirements, or modify the Group Policy settings as follows: open the Group Policy Management console and change the password policy in the Default Domain Policy.

3. After the modification is complete, run "gpupdate /force" on the command line so that the refreshed Group Policy takes effect immediately.

4. Enter https://127.0.0.1/iisadmpwd in the browser again, enter the test user's old password and new password, and click OK.

5. The password change succeeds.

9. Appendix: Changing the password over port 80

The steps above are somewhat cumbersome, because you need to install Certificate Services, bind the certificate and enable HTTPS access. Personally I think this is not necessary, because after HTTPS is enabled the client does not do the corresponding certificate setup or security. If the page is used only on the intranet, you can change "https" to "http" in the code <form method="POST" action="https: in aexp2.asp and set the PasswordChangeFlags property with cscript.exe adsutil.vbs set w3svc/PasswordChangeFlags 1. You then do not need to install Certificate Services or enable HTTPS, and can access the page directly at "http://127.0.0.1/iisadmpwd".
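
With PasswordChangeFlags set to 1 and the form action switched to http, the old and new passwords cross the network unencrypted. The following added example (not part of the original article; the function name, its parameters and the sample page are made up for illustration) is a read-only PowerShell check for those two settings, using the flag meanings listed in section 5.

```powershell
# Added example, not from the original article. Read-only check of an IISADMPWD
# deployment for settings that let passwords be submitted over plain HTTP.
# Test-IisAdmPwdTransport and its parameter names are hypothetical.
# Written to run on PowerShell 2.0, which ships with Windows Server 2008 R2.
function Test-IisAdmPwdTransport {
    param(
        # Current PasswordChangeFlags value, e.g. as reported by
        # "cscript.exe adsutil.vbs get w3svc/PasswordChangeFlags"
        [Parameter(Mandatory=$true)][int]$Flags,
        # Directory that holds the IISADMPWD .asp pages
        [Parameter(Mandatory=$true)][string]$Path
    )
    $findings = @()

    # Bit meanings from section 5; the values can be combined.
    if ($Flags -band 1) { $findings += 'PasswordChangeFlags bit 1: password change allowed on unsecured port' }
    if ($Flags -band 2) { $findings += 'PasswordChangeFlags bit 2: password change disabled' }
    if ($Flags -band 4) { $findings += 'PasswordChangeFlags bit 4: password expiration prompt disabled' }

    # A form whose action is an explicit http: URL posts the passwords in clear.
    # "https:" does not match because the colon must directly follow "http".
    # @() keeps foreach from running once on $null under PowerShell 2.0.
    $hits = @(Get-ChildItem -Path $Path -Filter *.asp |
        Select-String -Pattern 'action\s*=\s*"?\s*http:')
    foreach ($h in $hits) {
        $findings += ('{0} line {1}: form posts over http' -f $h.Filename, $h.LineNumber)
    }
    $findings
}

# Constructed sample: a scratch directory with one page edited as in section 9.
$dir = Join-Path $env:TEMP 'iisadmpwd-sample'
New-Item -ItemType Directory -Path $dir -Force | Out-Null
Set-Content -Path (Join-Path $dir 'aexp2.asp') -Value @(
    '<html><body>',
    '<form method="POST" action="http://server.example/iisadmpwd/achg.asp?">',
    '</form></body></html>'
)
Test-IisAdmPwdTransport -Flags 1 -Path $dir
```

On the server itself, pass C:\Windows\SysWOW64\inetsrv\iisadmpwd as -Path; an empty result means neither setting was found.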

10. Appendix: Accessing the password change page over port 8080

In some network environments the page has to be reached on a port other than 80 or 443, for example to make the password page less conspicuous, or because a firewall or router maps a different external port. The following serves the page over HTTP on port 8080 (changing the port for HTTPS works the same way).

Log on to the web server, open IIS Manager, select the Default Web Site and click "Bindings" on the right. Select the binding whose port you need to change, such as 80, click the "Edit" button on the right, enter the target port, such as "8080", in the dialog box that pops up, and click "OK" to exit.

Using Notepad or a code editor, open C:\Windows\SysWOW64\inetsrv\iisadmpwd\aexp2.asp and change the code "("SERVER_NAME"))%>/iisadmpwd/achg.asp?" to "("SERVER_NAME"))%>:8080/iisadmpwd/achg.asp?".
