Reset a Domain User Password
I have a .vbs file that I use to reset domain user passwords. Up until we installed a new server running Server 2008 it worked well, and it still does for admins but not for the general staff. I am at a loss now to try and find out why it works for me but not for anyone else. This is the error message I get.

line: 32
char: 6
Error: General Access Denied Error
Code: 800700005
Source: Active Directory

This is the script I use.

Option Explicit

'
' Subroutines
'

Sub UsageText
    Dim strMessage
    strMessage = WScript.ScriptName & " changes the Password for a given Username. If no " & VbCrLf
    strMessage = strMessage & "password is entered on the command line an input box " & VbCrLf
    strMessage = strMessage & "will request them" & VbCrLf & VbCrLf
    strMessage = strMessage & "Usage:" & VbCrLf & VbCrLf
    strMessage = strMessage & "cscript " & WScript.ScriptName & " [-u <Username>] [-p <Password>]" & VbCrLf
    strMessage = strMessage & VbCrLf
    strMessage = strMessage & VbTab & "-u - Username (sAMAccountName) of Account to alter" & VbCrLf
    strMessage = strMessage & VbTab & "-p - New Password to set" & VbCrLf
    WScript.Echo strMessage
    WScript.Quit
End Sub

Sub SortArgv
    ' Checks the Command line parameters and updates the appropriate fields.
    Dim objArgv
    Dim strArgv
    Dim i, intUserName, intPassword
    Dim booUserName, booPassword

    booUserName = False : booPassword = False
    i = 0 : intUserName = 0 : intPassword = 0

    Set objArgv = WScript.Arguments
    If objArgv.Count > 1 Then
        ' i is incremented before use, so it is the zero-based index of the
        ' argument that follows the switch, i.e. the switch's value.
        For Each strArgv in objArgv
            i = i + 1
            If LCase(strArgv) = "-u" Then
                booUserName = True
                intUserName = i
            End If
            If LCase(strArgv) = "-p" Then
                booPassword = True
                intPassword = i
            End If
        Next
    End If

    ' <= rather than <: a switch given as the last argument has no value,
    ' and indexing objArgv(Count) would raise a subscript error.
    If booUserName = True And objArgv.Count <= intUserName Then
        UsageText
    ElseIf booUserName = True Then
        strUserName = objArgv(intUserName)
    End If

    If booPassword = True And objArgv.Count <= intPassword Then
        UsageText
    ElseIf booPassword = True Then
        strPassword = objArgv(intPassword)
    End If

    Set objArgv = Nothing

    ' Prompt for anything not supplied on the command line.
    If booUserName = False And strUserName = "" Then
        strUserName = InputBox("Please Enter the Student logon name", "Enter Student Logon Name")
        If strUserName = "" Then
            UsageText
        End If
    End If

    If strPassword = "" Then
        strPassword = InputBox("Please Enter the Password to Set for " & strUserName, "Enter Password")
        If strPassword = "" Then
            UsageText
        End If
    End If
End Sub

Function GetUserDN(strUserName)
    ' Translates DOMAIN\sAMAccountName into a distinguished name via a global catalog.
    Const ADS_NAME_INITTYPE_GC = 3
    Const ADS_NAME_TYPE_1779 = 1
    Const ADS_NAME_TYPE_NT4 = 3

    Dim objNameTranslate, objNetwork
    Dim strDomain, strUserDN

    On Error Resume Next
    Set objNameTranslate = CreateObject("NameTranslate")
    Set objNetwork = CreateObject("WScript.Network")
    strDomain = objNetwork.UserDomain

    objNameTranslate.Init ADS_NAME_INITTYPE_GC, ""
    objNameTranslate.Set ADS_NAME_TYPE_NT4, strDomain & "\" & strUserName
    strUserDN = objNameTranslate.Get(ADS_NAME_TYPE_1779)

    Set objNameTranslate = Nothing
    Set objNetwork = Nothing
    On Error Goto 0

    GetUserDN = strUserDN
End Function

'
' Main Code Section
'

' Global Variables
Dim objUser
Dim strUserName, strPassword, strUserDN, strDisplayName
Dim intResponse

SortArgv

strUserDN = GetUserDN(strUserName)
If strUserDN = "" Then
    WScript.Echo "User Not Found"
    WScript.Quit
End If

Set objUser = GetObject("LDAP://" & strUserDN)

' Unlocking is a directory write of its own, separate from the password reset.
If objUser.IsAccountLocked = True Then
    objUser.IsAccountLocked = False
    objUser.SetInfo
    WScript.Echo "Account has been Unlocked"
End If

On Error Resume Next
strDisplayName = "" : strDisplayName = objUser.Get("displayName")
On Error Goto 0

' A missing displayName is filled in with the logon name (another directory write).
If strDisplayName = "" Then
    strDisplayName = strUserName
    objUser.Put "displayName", strDisplayName
    objUser.SetInfo
End If

intResponse = MsgBox("Is the student's real name " & strDisplayName & VbCrLf & VbCrLf & _
    "If you answer YES the user's password will be reset and set to Change at Next Logon.", _
    VbYesNo, "Check student Name" & VbCrLf)

If intResponse <> VbYes Then
    WScript.Echo "Password was not changed"
    WScript.Quit
End If

' Any failure of SetPassword, not only a policy violation, ends up in the Else branch.
On Error Resume Next
Err.Clear
objUser.SetPassword strPassword
If Err.Number = 0 Then
    WScript.Echo "Password was changed successfully"
Else
    WScript.Echo "PERMISSION DENIED: Password not changed." & _
        VbCrLf & VbCrLf & "The new password must contain at least 8 " & _
        "letters/numbers/symbols" & VbCrLf & "& may not have been used previously."
End If

' On Error Resume Next is still in effect, so a failed pwdLastSet write is not reported.
objUser.Put "pwdLastSet", 0
objUser.SetInfo

Set objUser = Nothing
June 12th, 2009 4:29am

From your script, line 32 is actually pointing to a blank line. Can you identify the line which the error message points to?

Regards,
Salvador
June 18th, 2009 10:43am

Bill,

Permissions.

If it still works for admins but not for staff after upgrade to 2008 server then the access permissions have changed for the staff user group in some way.

I have just installed 2008 and seen that there are myriad changes to the security model from 2003.

Look at the permissions on the admin group and compare them to the staff security group and see what's different.

Access required to retrieve/change passwords in AD are not sufficient for your staff members.

Regards
Rupert

the problem is not what you don't know it's what you think you know that's wrong
June 21st, 2009 2:56pm
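
One way to carry out the comparison suggested in the reply above, as an added example that is not part of the original thread: it lists which trustees hold the rights the script relies on (Reset Password for SetPassword, plus write access to pwdLastSet, lockoutTime and displayName) on one target account. The value of `$UserDN` is a placeholder, and the example assumes a domain-joined machine and an account that can read the object's ACL.

```powershell
# Added example, not from the thread. $UserDN is a placeholder; point it at an
# account that staff cannot reset and compare the trustees with a working case.
param([string]$UserDN = 'CN=Example Student,OU=Students,DC=example,DC=local')

$Rights = [System.DirectoryServices.ActiveDirectoryRights]

# Look up an attribute's schemaIDGUID in the schema rather than hard-coding it.
function Get-AttributeGuid([string]$LdapName) {
    $schemaNC = ([ADSI]'LDAP://RootDSE').schemaNamingContext
    $searcher = New-Object System.DirectoryServices.DirectorySearcher
    $searcher.SearchRoot = [ADSI]"LDAP://$schemaNC"
    $searcher.Filter = "(lDAPDisplayName=$LdapName)"
    $hit = $searcher.FindOne()
    New-Object Guid (,[byte[]]$hit.Properties['schemaidguid'][0])
}

# GUID -> label for each operation the script performs.
# 00299570-... is the Reset Password extended right used by SetPassword.
$wanted = @{ '00299570-246d-11d0-a768-00aa006e0529' = 'Reset Password (SetPassword)' }
foreach ($attr in 'pwdLastSet', 'lockoutTime', 'displayName') {
    $wanted[(Get-AttributeGuid $attr).ToString()] = "Write $attr"
}

# Only ACEs carrying extended-right or write-property bits are of interest.
$mask = [int]$Rights::ExtendedRight -bor [int]$Rights::WriteProperty

$user  = [ADSI]"LDAP://$UserDN"
$rules = $user.psbase.ObjectSecurity.GetAccessRules(
    $true, $true, [System.Security.Principal.NTAccount])

# Keep ACEs scoped to one of the GUIDs above, or unscoped (empty ObjectType).
# ACEs granted through a property set are not expanded here.
$rules |
    Where-Object {
        ([int]$_.ActiveDirectoryRights -band $mask) -and
        ($wanted.ContainsKey($_.ObjectType.ToString()) -or
         $_.ObjectType -eq [Guid]::Empty)
    } |
    Select-Object IdentityReference, AccessControlType, IsInherited,
        @{ n = 'AppliesTo'; e = {
            $key = $_.ObjectType.ToString()
            if ($wanted.ContainsKey($key)) { $wanted[$key] }
            else { 'All properties / all extended rights' } } },
        ActiveDirectoryRights |
    Sort-Object AccessControlType, IdentityReference |
    Format-Table -AutoSize
```

A Deny entry, or no Allow entry at all, for a group the staff belong to on any of these four rows points at the operation that is being refused.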

This topic is archived. No further replies will be accepted.
