Automate password reset via catalog item

melsarrazin
Tera Contributor

I have a requirement to create a catalog item for missing devices. Ideally, we are wanting the manager to send in the catalog item, then the system will automatically reset the user's password and email it to the manager. Then we are sending a task to security to remotely secure the device that is missing.

I am trying to set this up in Flow Designer. 


I have the flow working as expected but am getting an error with the actual password reset. 


I am unable to figure out how to change the password requirements or why ResetADUserPasswordAction.ps1 is failing.

We are currently utilizing Service Desk and Self-Service Password Resets to reset users' AD passwords.


jonsan09
Giga Sage

It might be your organization's password complexity requirements set within Active Directory that are causing the error. Have you validated the requirements with your AD team? (number of characters, type of characters, password history, blacklisted passwords, etc.) Once you have the requirements you should be able to validate that your generated password or static password meets those requirements.

That is what I am thinking as well but I am wondering how to change the generated password and/or static password within ServiceNow so it meets the requirements.

A while back, I had a similar issue and ended up creating a flow action to generate a password that meets the password requirements. You might be able to lean/build off the password generator built into the user table: 

Aniket Chavan
Tera Sage

Hello @melsarrazin,

Just going by the error message, I’d recommend reaching out to your AD team to fully understand the logic or restrictions they've applied for password resets—like complexity rules, blocked patterns, reuse policies, etc.

Once you have that info, you can try implementing those restrictions on the catalog form itself. For example, you could use RegEx validations on the password variable to make sure the input matches your org's password policy before even submitting the request.

Alternatively, you could handle some validations inside the Flow Designer as conditions, depending on what checks you need. I'm not exactly sure how to handle restrictions around past password history, but for that, maybe the safest approach is to just add a tooltip or annotation on the field advising the requester not to reuse previous passwords.

Hopefully that helps! Let us know your thoughts or if you find something different that works.

Please Mark Correct if this solves your query and also mark 👍Helpful if you find my response worthy based on the impact.


Regards,
Aniket
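
The replies above suggest a custom generator action and validating the password before the reset is attempted. As an added example (not code from the thread or from ServiceNow), this JavaScript does both for an AD-style complexity policy. The policy values, function names and sample account name are assumptions, and it uses Node's `crypto.randomInt`, so a flow action script would need the platform's own secure random source instead.

```javascript
// Added example: generate and validate a password against an AD-style policy.
// POLICY values are assumptions; replace them with what your AD team confirms.
const { randomInt } = require('crypto'); // CSPRNG; Math.random() is not suitable

const POLICY = { minLength: 14, minCategories: 3 }; // hypothetical values
const CLASSES = {
  upper: 'ABCDEFGHJKLMNPQRSTUVWXYZ', // look-alikes (I, O, l, 0, 1) left out
  lower: 'abcdefghijkmnopqrstuvwxyz',
  digit: '23456789',
  symbol: '!#$%*+-=?@_',
};

// Return a list of policy violations; an empty list means the password passes.
function checkPassword(password, samAccountName, policy = POLICY) {
  const problems = [];
  if (password.length < policy.minLength) problems.push('too short');
  const categories = [/[A-Z]/, /[a-z]/, /[0-9]/, /[^A-Za-z0-9]/]
    .filter((re) => re.test(password)).length;
  if (categories < policy.minCategories) problems.push('too few character categories');
  // AD complexity rejects a password containing the whole account name
  // (case-insensitive); the check is skipped for names under 3 characters.
  if (samAccountName.length >= 3 &&
      password.toLowerCase().includes(samAccountName.toLowerCase())) {
    problems.push('contains account name');
  }
  return problems;
}

// Build a password with one character from every class, pad, then shuffle.
function generatePassword(samAccountName, policy = POLICY) {
  const all = Object.values(CLASSES).join('');
  for (let attempt = 0; attempt < 20; attempt++) {
    const chars = Object.values(CLASSES).map((set) => set[randomInt(set.length)]);
    while (chars.length < policy.minLength) chars.push(all[randomInt(all.length)]);
    for (let i = chars.length - 1; i > 0; i--) { // Fisher-Yates shuffle
      const j = randomInt(i + 1);
      [chars[i], chars[j]] = [chars[j], chars[i]];
    }
    const candidate = chars.join('');
    if (checkPassword(candidate, samAccountName, policy).length === 0) return candidate;
  }
  throw new Error('could not generate a compliant password');
}
```

Password history and banned-password lists are enforced only by the domain controller, so the flow still needs an error path for a reset that AD rejects.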