Password Reset integration for Microsoft Active Directory - Blog
07-09-2025 12:40 AM
Hi fellow developers
(This is not a question 🙂 )
Writing this short piece on how to use the "Password Reset integration for Microsoft Active Directory spoke".
When at first I received the requirement of building something which can help reset the password of a user in the AD environment, I was planning on the normal integration steps: API, REST, SOAP, blah blah..
Later, when I was investigating ways, this fresh-looking spoke was calling me in the ServiceNow documents. When I checked and learnt about it, that was the moment I realised ServiceNow and its power.
What I imagined and what the platform gave was immensely amazing. I quickly started working with the client to get the plugin installed and started my work.
Once the plugin has been installed, we will have a whole set of 'Actions' added to the Workflow Studio under the Application 'Microsoft Active Directory v2 Spoke'.
Now in my scenario, we need the 'Reset User Password' & 'Generate Random Password' actions.
Note: All actions are read-only, so we cannot make changes to them.
Only the 'Connections' under 'Connection & Credential' of the actions can be changed.
- The 'Generate Random Password' action uses PowerShell, script steps. It gives a random password and the output is stored in a variable of type 'Password (2 Way Encrypted)'.
- But in the case of the 'Reset User Password' action, it has UserName and New Password as inputs.
How I used these:
- In the flow designer, my trigger was Service Catalog.
- Used the 'Get Catalog Variable' step to call my catalog. A field for UserName is present in the catalog, which will be used.
- Following this I have the 'Generate Random Password' action, which will generate a password of length 12+.
- Then comes the 'Reset User Password' action, where:
  - UserName -> UserName from catalog
  - Password -> Password generated from previous step

So, even if there is a scenario where the password has a particular sequence, but needs to be reflected in the MS AD, you can create your own 'Script Action' but store the output password in an output variable of 'Password (2 Way Encrypted)' type.
Then call it to the 'Reset User Password' Action.
Hope this helps!!
Thanks!
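
Added example, not part of the original post and not ServiceNow's or the spoke's code: a sketch of the kind of generator a custom script could use when the password must follow a particular sequence, with an estimate of how much entropy that sequence leaves. The template letters, character sets and function names are hypothetical, and Node.js `crypto.randomInt` stands in for the secure random source of the script runtime.

```javascript
// Added example: not ServiceNow's or the spoke's code.
// Assumption: Node.js crypto stands in for the script runtime's secure RNG.
const { randomInt } = require('crypto');

// Constructed character sets, one per template letter. Look-alike
// characters (I/O/l/0/1) are left out to make manual entry less error-prone.
const CLASSES = {
  U: 'ABCDEFGHJKLMNPQRSTUVWXYZ',
  L: 'abcdefghijkmnopqrstuvwxyz',
  D: '23456789',
  S: '!#$%*+-=?@',
};
const MIN_LENGTH = 12; // the post's flow generates passwords of length 12+

// Build a password with one character per template position,
// e.g. 'ULLLLDDDDSLL' = upper, 4 lower, 4 digits, symbol, 2 lower.
function generateFromTemplate(template) {
  if (typeof template !== 'string' || template.length < MIN_LENGTH) {
    throw new RangeError('template must describe at least ' + MIN_LENGTH + ' characters');
  }
  let password = '';
  for (const slot of template) {
    const alphabet = CLASSES[slot];
    if (!alphabet) throw new RangeError('unknown class in template: ' + slot);
    // randomInt draws from the CSPRNG and avoids modulo bias.
    password += alphabet[randomInt(alphabet.length)];
  }
  // Return only; never log it. In the flow this value would go straight
  // into the 'Password (2 Way Encrypted)' output variable.
  return password;
}

// True when every position of the password belongs to the class the template asks for.
function matchesTemplate(password, template) {
  if (password.length !== template.length) return false;
  for (let i = 0; i < template.length; i++) {
    const alphabet = CLASSES[template[i]];
    if (!alphabet || !alphabet.includes(password[i])) return false;
  }
  return true;
}

// A fixed sequence costs entropy: sum log2(class size) over the positions.
function templateEntropyBits(template) {
  let bits = 0;
  for (const slot of template) bits += Math.log2(CLASSES[slot].length);
  return bits;
}
```

For the 12-position template in the comment this comes to about 47.8 bits, so a fixed sequence should be longer than 12 if it is meant to match the strength of a fully random password of that length.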
07-09-2025 08:05 AM
Thanks for sharing
07-23-2025 02:50 AM
Hi @harshi_ramesh,
In my organization we have LDAP integration with Microsoft Active Directory and all the configurations related to the spoke are done.
The credential store connection is also successful. But while trying to reset the password by clicking the forget password link on the ServiceNow login page, instead of sending me a code to verify my email it is sending an error. Can you help me here? Attached the error email.
Thank You
07-23-2025 03:11 AM
Hi @Sai Gopal
Seeing the error that you have mentioned, even though the connection was successful, I suggest checking these:
- Ensure email configuration is active and SMTP is working (try sending a test email from a user record).
- Check in the flow (if you are using one) that the correct action is being called. Validate the flow steps: especially Verification, Reset, and Success.
- Spoke Actions (Microsoft Active Directory): Ensure the correct credentials have been added in it.
Please let me know if it helped.
Thanks!!
07-23-2025 04:52 AM - edited 07-23-2025 05:01 AM
@harshi_ramesh
1) Email configuration is active and we are able to send the emails to the user.
2) After clicking on the forget password link, the default process is being used and I have changed the credential store to AD credential, in which the connection is tested successful. (I am not able to find out which flow is being used for this process, although there is a subflow for the password reset, but the email which we are getting is not a part of that.)
3) Spoke connections are accurate
Any way that you can suggest for resetting the password in AD from the Windows login screen?