@echo off &setlocal REM Pfad zur CSV Datei und fuer Log Datei set wd=C:\Users\Administrator\Documents\ REM Name der CSV Datei set "file=%wd%\pw.csv" REM Name der Domaene set domainname=TUX REM Spalten die Username bzw. Passwort enthalten set /a "usercsv = 3, pwcsv = 4" REM Name der Log Datei set log=%wd%\change-pw.log setlocal EnableDelayedExpansion <"!file!" ( for /f %%i in ('type "!file!"^|find /c /v ""') do for /l %%j in (1 1 %%i) do ( set "line=" &set /p "line=" set /a "c=0" for %%k in ("!line:;=" "!") do ( set /a "c += 1" if !c!==!usercsv! ( endlocal set "c=%usercsv%" set "username=%%~k" setlocal EnableDelayedExpansion ) if !c!==!pwcsv! ( endlocal set "c=%pwcsv%" set "newpw=%%~k" setlocal EnableDelayedExpansion ) ) call :ProcessItems ) ) endlocal pause exit /b :ProcessItems REM ###### EDIT THIS for more options ###### REM desired local user account set user=!username! REM is it an active directory domain user or a local user account; can be yes, 1, no, 0 set domainuser=yes REM needed if domain user set domainparam=!domainname! REM desired new password, pay attention to password policies if activated set newpw=!newpw! REM checks if the desired user account is activated on the machine; can be yes, 1, no, 0 set checkactive=yes REM needed if active check is performed set active=0 REM if the user is deactivated, should it get activated, can be yes, 1, no, 0 set reactivate=yes REM checks if the old password has an expiration date, which would also get changed to a newer date; can be yes, 1, no, 0 set checkpwexpire=yes REM needed if expiration check is performed set expires=0 REM changes password though it has an expiration date; can be yes, 1, no, 0 set changeanyways=yes REM check for empty variables if "%user%"=="" goto end if "%newpw%"=="" goto end REM prepare domain usage if "%domainuser%"=="yes" set domainparam=/domain if "%domainuser%"=="1" set domainparam=/domain REM check if user exists net user %user% %domainparam% if not %errorlevel%==0 echo %date% %time:~0,8% Nutzer %user% scheint nicht zu existieren >> %log% && goto end goto active :active if "%checkactive%"=="0" goto expires if "%checkactive%"=="no" goto expires REM check if user is active for /f "tokens=1-3" %%i in ('net user %user% %domainparam%') do ( if "%%i %%j"=="Konto aktiv" set active=%%k ) if "%active%"=="Ja" goto expires if "%active%"=="Yes" goto expires REM activate the user if wished if "%reactivate%"=="yes" net user %user% %domainparam% /Active:YES if "%reactivate%"=="1" net user %user% %domainparam% /Active:YES echo %date% %time:~0,8% Nutzer %user% ist deaktiviert. Passwort wird trotzdem zurückgesetzt. >> %log% goto expires :expires if "%checkpwexpire%"=="0" goto changepw if "%checkpwexpire%"=="no" goto changepw REM check if user password has an expiration date for /f "tokens=1-4" %%i in ('net user %user% %domainparam%') do ( if "%%i %%j %%k"=="Kennwort läuft ab" set expires=%%l ) if "%expires%"=="Nie" goto changepw if "%expires%"=="Never" goto changepw if "%changeanyways%"=="yes" goto changepw if "%changeanyways%"=="1" goto changepw echo %date% %time:~0,8% Nutzer %user% hat ein zeitlich limitiertes Passwort, Passwortänderung wird abgebrochen. >> %log% goto end :changepw net user %user% %newpw% %domainparam% set pwEL=%errorlevel% if %pwEL%==0 echo %date% %time:~0,8% Passwort geändert. User: %user% - Aktiviert: %active% - PW läuft ab: %expires% >> %log% && goto end echo %date% %time:~0,8% Fehler beim Ändern des Passworts: %pwEL%. User: %user% - Aktiviert: %active% - PW läuft ab: %expires% >> %log% REM Errorlevel 2 means that the chosen password doen't meet the password policy guidelines goto end :end exit /b