Password Reset integration for Microsoft Active Directory - Blog

harshi_ramesh
Tera Expert

Hi fellow developers

(This is not a question 🙂 )

 

Writing this short piece on how to use the "Password Reset integration for Microsoft Active Directory" spoke.

When I first received the requirement to build something that could help reset a user's password in the AD environment, I was planning on the normal integration steps: API, REST, SOAP, blah blah...

Later, when I was investigating ways to do this, this fresh-looking spoke was calling me in the ServiceNow documents. When I checked and learnt about it, that was the moment I realised ServiceNow and its power.

What I imagined and what the platform gave was immensely amazing. I quickly started working with the client to get the plugin installed and started my work.

 

Once the plugin has been installed, we will have a whole set of 'Actions' added to Workflow Studio under the Application 'Microsoft Active Directory v2 Spoke'.

In my scenario, we need the 'Reset User Password' and 'Generate Random Password' actions.

Note: All actions are read-only, so you cannot make changes to them.

Only the 'Connections' under 'Connection & Credential' of the actions can be changed.

 

  • The 'Generate Random Password' action uses PowerShell and script steps. It returns a random password, and the output is stored in a variable of type 'Password(2 Way Encrypted)'.
  • The 'Reset User Password' action takes UserName and New Password as inputs.

How I used these:

  1. In Flow Designer, my trigger was Service Catalog.
  2. Used the 'Get Catalog Variable' step to call my catalog. A field for UserName is present in the catalog, which will be used.
  3. Following this I have the 'Generate Random Password' action, which will generate a password of length 12+.
  4. Then comes the 'Reset User Password' action, where the inputs are mapped as follows:
     • UserName -> UserName from catalog
     • Password -> Password generated from previous step

So, even if there is a scenario where the password has to follow a particular sequence and needs to be reflected in MS AD, you can create your own 'Script Action', but store the output password in an output variable of the 'Password(2 Way Encrypted)' type.

Then pass it to the 'Reset User Password' action.

 

Hope this helps!!

 

Thanks!
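
For the custom 'Script Action' case described above, here is an added example (not the author's code and not the spoke's own) of generating a policy-shaped password of length 12+ from a cryptographically secure source instead of `Math.random()`. It runs under Node.js; the character classes and function names are assumptions, and inside a ServiceNow script step the random source would have to be replaced by a secure one available on the platform, with the result written to the 'Password(2 Way Encrypted)' output.

```javascript
// Added example: policy-shaped password generator for a custom script action.
// Runs under Node.js; randomInt() draws unbiased integers from the CSPRNG.
const { randomInt } = require('node:crypto');

// Character classes (constructed policy; look-alike glyphs such as O/0 and l/1 removed).
const CLASSES = {
  upper: 'ABCDEFGHJKLMNPQRSTUVWXYZ',
  lower: 'abcdefghijkmnpqrstuvwxyz',
  digit: '23456789',
  symbol: '!#$%*+-=?@_',
};

function pick(chars) {
  return chars[randomInt(chars.length)];
}

// Returns `length` characters with at least one character from every class,
// so a complexity-enforcing domain policy does not reject the reset.
function generatePassword(length = 16) {
  if (!Number.isInteger(length) || length < 12) {
    throw new RangeError('length must be an integer >= 12');
  }
  const sets = Object.values(CLASSES);
  const all = sets.join('');
  const out = sets.map(pick); // one guaranteed character per class
  while (out.length < length) out.push(pick(all));
  // Fisher-Yates shuffle with the same CSPRNG, so the guaranteed
  // characters do not sit at predictable positions.
  for (let i = out.length - 1; i > 0; i--) {
    const j = randomInt(i + 1);
    [out[i], out[j]] = [out[j], out[i]];
  }
  return out.join('');
}

// Checks a candidate against the classes above, e.g. before passing it on
// to the reset action.
function meetsPolicy(pw, minLength = 12) {
  return pw.length >= minLength &&
    Object.values(CLASSES).every((set) => [...pw].some((c) => set.includes(c)));
}
```

Keep the returned value out of logs and work notes; only the encrypted output variable should carry it to the 'Reset User Password' action.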

10 REPLIES

Sravani36
Tera Expert

Hi @harshi_ramesh, how do users read the password? As it is encrypted, how do they know to reset using this updated password using force login?