Password Reset integration for Microsoft Active Directory - Blog

harshi_ramesh
Tera Expert

Hi fellow developers

(This is not a question 🙂 )

 

Writing this short piece on how to use the "Password Reset integration for Microsoft Active Directory" spoke.

When I first received the requirement to build something that can help reset a user's password in the AD environment, I was planning on the normal integration steps: API, REST, SOAP, blah blah...

Later, when I was investigating ways to do this, this fresh-looking spoke was calling me in the ServiceNow documents. When I checked and learnt about it, that was the moment I realised ServiceNow and its power.

What I imagined and what the platform gave was immensely amazing. I quickly started working with the client to get the plugin installed and started my work.

 

Once the plugin has been installed, we will have a whole set of 'Actions' added to the Workflow Studio under the Application 'Microsoft Active Directory v2 Spoke'.

Now in my scenario, we need the 'Reset User Password' and 'Generate Random Password' actions.

Note: All actions are read-only, so you cannot make changes to them.

Only the 'Connections' under 'Connection & Credential' of the actions can be changed.

 

  • The 'Generate Random Password' action uses PowerShell, script steps. It gives a random password and the output is stored in a variable of type 'Password(2 Way Encrypted)'.
  • The 'Reset User Password' action, on the other hand, has UserName and New Password as inputs.

How I used these:

  1. In Flow Designer, my trigger was Service Catalog.
  2. Used the 'Get Catalog Variable' step to call my catalog. A field for UserName is present in the catalog, which will be used.
  3. Following this, I have the 'Generate Random Password' action, which will generate a password of length 12+.
  4. Then comes the 'Reset User Password' action, where:
     • UserName -> UserName from catalog
     • Password -> Password generated from previous step

So, even if there is a scenario where the password has a particular sequence and needs to be reflected in MS AD, you can create your own 'Script Action', but store the output password in an output variable of 'Password(2 Way Encrypted)' type.

Then pass it to the 'Reset User Password' action.

 

Hope this helps!!

 

Thanks!
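
A sketch of the logic such a custom script action could contain, added here as an example (it is not part of the original post and not the spoke's own code). It assumes Node.js, whose `crypto.randomInt` stands in for the platform's secure random source; the function names, character sets and default length are hypothetical. The returned value is what would be mapped to an output of type 'Password(2 Way Encrypted)'.

```javascript
// Added example: stand-alone Node.js sketch, not the spoke's own code.
const { randomInt } = require("crypto"); // CSPRNG, unbiased integer in [0, max)

// Hypothetical character classes; look-alikes (0/O, 1/l/I) are left out.
const CLASSES = [
  "ABCDEFGHJKLMNPQRSTUVWXYZ",
  "abcdefghijkmnopqrstuvwxyz",
  "23456789",
  "!#$%*+-=?@_",
];

// AD complexity rule: the password must not contain the account name
// (case-insensitive); names shorter than 3 characters are not checked.
function containsUserName(password, userName) {
  return userName.length >= 3 &&
    password.toLowerCase().includes(userName.toLowerCase());
}

// Returns a random password; never log or print the return value.
function generatePassword(userName, length = 16) {
  if (length < 12) throw new RangeError("length must be at least 12");
  const all = CLASSES.join("");
  for (;;) {
    // One character from every class, then fill from the whole alphabet.
    const chars = CLASSES.map((set) => set[randomInt(set.length)]);
    while (chars.length < length) chars.push(all[randomInt(all.length)]);
    // Fisher-Yates shuffle so the guaranteed characters have no fixed position.
    for (let i = chars.length - 1; i > 0; i--) {
      const j = randomInt(i + 1);
      [chars[i], chars[j]] = [chars[j], chars[i]];
    }
    const password = chars.join("");
    // Retry in the rare case the account name appears in the result.
    if (!containsUserName(password, userName)) return password;
  }
}

// Counts how many of the four classes appear in a password.
function classCount(password) {
  return CLASSES.filter((set) =>
    [...password].some((c) => set.includes(c))).length;
}
```
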

8 REPLIES

MarkosK
Giga Contributor

Thanks for sharing

Sai Gopal
Tera Contributor

Hi @harshi_ramesh,

In my organization we have LDAP integration with Microsoft Active Directory and all the configurations related to the spoke are done.
The credential store connection is also successful. But while trying to reset the password by clicking the forgot password link on the ServiceNow login page, instead of sending me a code to verify my email, it is sending an error. Can you help me here? Attached is the error email.


Thank You

Hi @Sai Gopal 

Looking at the error that you have mentioned, even though the connection was successful, I suggest checking these:

  1. Ensure email configuration is active and SMTP is working (try sending a test email from a user record).
  2. Check in the flow (if you are using one) that the correct action is being called. Validate the flow steps, especially Verification, Reset, and Success.
  3. Spoke Actions (Microsoft Active Directory): Ensure the correct credentials have been added to it.

 

Please let me know if it helped.

Thanks!!

@harshi_ramesh 
1) Email configuration is active and we are able to send the emails to the user.
2) After clicking on the forgot password link, the default process is being used, and I have changed the credential store to the AD credential, in which the connection tested successfully. (I am not able to find out which flow is being used for this process; although there is a subflow for the password reset, the email which we are getting is not a part of that.)

3) Spoke connections are accurate

Is there any way that you can suggest for resetting the password in AD from the Windows login screen?