Orchestration - Password reset tool customization to run powershell scripts

How to run Powershell Scripts

 

Brief Description:

 

Password Reset Tool is one of the NOW Platform capabilities.  The Password Reset application enables an end user to reset or change a password using a self-service process. Alternatively, your organization can implement a process that requires a service desk agent to reset passwords for end users.

 

Sometimes based on requirements, you need to customize this tool to be able to connect with your Active Directory and run Powershell scripts [i.e. Windows Server].  This article gives you step by step configuration on how to deal with this kind of scenario.

 

Pre requisites

 

• Download the Powershell Probe Utility from the below URL
• • http://www.john-james-andersen.com/blog/service-now/powershell-probe-and-utility-for-servicenow.html
  • Download the update set and commit to your instance
  • You need only “PowershellProbe” script include from this updateset
• Install Orchestration Package via Activate Plugin - Orchestration -AD
• Configure the Password reset Credential store.  You can observe the “Local ServiceNow Instance” entry for reference.

Create a Workflow called “Password Reset - AD” and point the table to “Global” under properties of that

workflow

Use activities called “Reset AD User Password” and “Change AD User Password” activities.

Write scripts to verify Password failure for fatal errors using  SNC.PwdWorkflowManager()

Create another workflow called “Password Reset - Connection Test”

Use “pwd_cred_store” Table to get the credentials.  Get the parameters using this Table.

Use “Query AD” activity to ping with the username

Return the value based on the test

 

Now, you are ready to create the Credentials store entry.  

 

• Goto Password reset Credential store types and create the AD entry.  Point the workflows that you created for “Password Reset workflow” and “Connection test workflow”
• Goto Password reset Credential store and create an entry and use the above type here.
• Provide the Hostname of AD Server and save the Credentials
• Next Step would be creating a Verification UI and Verification Processor.

Step by Step Configuration

 

Create Verification UI

 

• Create a UI Macro called “AD Powershell Verification UI”.
• Just give some heading with bold letters called “START VALIDATING YOUR CREDENTIALS”
• You may give some fancy text over here.  This is just to show to the end user on what process is going to run.
• Save this UI.

 

Create Verification Processor Script Include

 

• Create a script include called “AD Verification Processor”
• Point the category as below
• • category: 'password_reset.extension.verification_form_processor'
• Create a method called “verify”.
• Provide the input variables as below
• • Windows Server = <ipaddress>/FQDN
  • Mid Server =<mid server>
  • Powershell Script Name =<Full path of the script name>
  • Parameters for Powershell script = params.userId
• Execute the Powershell script as below
• • var obj = new PowershellProbe(<Midserver>, <Powershell path including Params>);
  • Get the resonse
  • Note:  The response will be in ecc queue with type = input
  • Return the value to the frontend

 

Create Password Reset Verification Type

 

• Goto Password Reset Verification type
• Create entry called “AD Verification Type”
• Select the “Verification UI” & “Verification Processor”
• You may check automatic enrollment  / can select from the list of Enrollments.
• Save the record and exit

 

Create Verification

 

• Goto Password Reset Verification
• Create an entry called “AD Verification” and select the type as “AD Verification Type”
• Save and Exit

Create Password Reset Process

 

• Create Password reset process called “AD Process”
• Select the Credential store which you created on the pre requisites
• Check “Password Change”
• Check “Password Reset”
• Check “Public access”
• Give URL Suffix as “verifypowershell” [You may give of your own]
• Choose the correct option based on your requirement i.e. Display capcha/Enable account lockout etc.,
• Identification type as “Username Identification”
• On the “Verifications” Tab, select the Verification which you created early.

 

Now, you are ready to use the Password reset tool.  On this screen, it gives you the URL of the Password reset tool i.e. “Public URL”.  

 

Provide this URL to the End User to change their password