Password Reset integration for Microsoft Active Directory - Blog
07-09-2025 12:40 AM
Hi fellow developers
(This is not a question 🙂 )
Writing this short piece on how to use the "Password Reset integration for Microsoft Active Directory" spoke.
When I first received the requirement to build something that can help reset a user's password in the AD environment, I was planning on the normal integration steps: API, REST, SOAP, blah blah..
Later, while I was investigating ways to do this, this fresh-looking spoke was calling me in the ServiceNow documents. When I checked and learnt about it, that was the moment I realised ServiceNow and its power.
What I imagined and what the platform gave was immensely amazing. I quickly started working with the client to get the plugin installed and started my work.
Once the plugin has been installed, we will have a whole set of 'Actions' added to the Workflow Studio under the application 'Microsoft Active Directory v2 Spoke'.
Now in my scenario, we need the 'Reset User Password' & 'Generate Random Password' actions.
Note: All actions are read-only, so you cannot make changes to them.
Only the 'Connections' under 'Connection & Credential' of the actions can be changed.
- The 'Generate Random Password' action uses PowerShell script steps. It gives a random password, and the output is stored in a variable of type 'Password(2 Way Encrypted)'.
- The 'Reset User Password' action, on the other hand, has UserName and New Password as inputs.
How I used these:
- In the flow designer, my trigger was Service Catalog.
- Used the 'Get Catalog Variable' step to call my catalog. A field for UserName is present in the catalog, which will be used.
- Following this I have the 'Generate Random Password' action, which will generate a password of length 12+.
- Then comes the 'Reset User Password' action, where:
  - UserName -> UserName from catalog
  - Password -> Password generated from previous step

So, even if there is a scenario where the password has a particular sequence but needs to be reflected in MS AD, you can create your own 'Script Action', but store the output password in an output variable of 'Password(2 Way Encrypted)' type.
Then pass it to the 'Reset User Password' action.
Hope this helps!!
Thanks!
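
One way to write the kind of custom password generator mentioned in the post above, as an added example that is not part of the original post or of the spoke's own code: a PowerShell function that draws a 12+ character password from a cryptographic random source and guarantees one character from each class. The function name, character sets and `SecureString` return type are assumptions; mapping the result to a 'Password(2 Way Encrypted)' output is left to the action's own output configuration.

```powershell
# Added example: policy-driven random password for a custom PowerShell step.
# New-PolicyPassword, its parameter and the character sets are assumptions.
function New-PolicyPassword {
    param(
        [ValidateRange(12, 128)][int]$Length = 16
    )
    $classes = @(
        'ABCDEFGHJKLMNPQRSTUVWXYZ',   # upper case, look-alikes I and O removed
        'abcdefghijkmnpqrstuvwxyz',   # lower case, look-alikes l and o removed
        '23456789',                   # digits, 0 and 1 removed
        '!#$%&*+-=?@_'                # symbols
    )
    $all = -join $classes
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try {
        # Unbiased index in [0, $max): reject bytes that would cause modulo bias.
        $pick = {
            param([int]$max)
            $buf = New-Object byte[] 1
            $limit = 256 - (256 % $max)
            do { $rng.GetBytes($buf) } while ($buf[0] -ge $limit)
            return $buf[0] % $max
        }
        $chars = New-Object System.Collections.Generic.List[char]
        # One character from every class, so the complexity rule always holds.
        foreach ($set in $classes) { $chars.Add($set[(& $pick $set.Length)]) }
        while ($chars.Count -lt $Length) { $chars.Add($all[(& $pick $all.Length)]) }
        # Fisher-Yates shuffle so the guaranteed characters are not at fixed positions.
        for ($i = $chars.Count - 1; $i -gt 0; $i--) {
            $j = & $pick ($i + 1)
            $tmp = $chars[$i]; $chars[$i] = $chars[$j]; $chars[$j] = $tmp
        }
        # Return a SecureString so the value is not written to the pipeline as plain text.
        $secure = New-Object System.Security.SecureString
        foreach ($c in $chars) { $secure.AppendChar($c) }
        $secure.MakeReadOnly()
        return $secure
    }
    finally { $rng.Dispose() }
}
```

`Get-Random` is avoided here because in Windows PowerShell it is not a cryptographic generator; keep the generated value out of logs and step output that is not an encrypted type.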
07-24-2025 04:09 AM
Hi @Sai Gopal
Seeing the screenshot attached, if possible check whether the 'Force Change' checkbox under the 'Reset User Password' action is selected.
As well as the Unlock Account checkbox.
What it does: If the user’s account is locked out (e.g., due to too many failed login attempts), this option will unlock the account as part of the password reset process.
Why it’s used:
- Prevents users from being locked out even after getting a new password.
- Saves time for helpdesk/admins who otherwise have to unlock accounts separately.
In Active Directory: This clears the lockout state on the user account.
Thanks
a month ago
Hi @harshi_ramesh,
I am facing a similar issue as @Sai Gopal mentioned in the thread. Also, when I click on the Reset Password button, I receive the error message "Invalid User".
The credential store connection is tested successfully.
As per the OOB subflows, I am currently using the user’s email address as the username.
Could you please suggest any possible solutions or guidance on this?
Thank you
a month ago
Hi @pranavjoshi
The 'Microsoft Active Directory v2' spoke is something which works if the entered user is active in the AD system.
The connection which you add under the OOB Connection & Credential must have a valid credential and host, and in AD cases, as I had experienced, try port 389.
Maybe these checks can help and hope these might solve the issue you are facing.
If my response helped please mark it correct and close the thread so that it benefits future readers.