eric_szonyi
ServiceNow Employee
ServiceNow Employee

I needed to get a solution for self-service password reset for users authenticated by Active Direcrory. I enabled the following plugin:

http://wiki.servicenow.com/index.php?title=Self_Service_Password_Reset_plugin

This plugin only works for locally authenticated users. Fortunately adding AD functionality can be accomplished with just a few steps.

1. Create a workflow which leverages the Reset AD User Password activity (Requires Orchestration).

2. On the workflow select Edit Inputs from the settings menu and create two string variables (or similar):
- one for the username ('u_username')
- one for the password ('u_password').

3. Open the Reset AD User Password activity and assign the following values as variables:
- Username = ${workflow.inputs.u_username}
- Password = ${workflow.inputs.u_password}

4. Under System Definition > Script includes, modify the PasswordResetAJAX script as follows:

Change the following section so it does not bypass LDAP accounts:


                 /////     FROM     //////

                 //alert and exit if ldap account
                 if (usr.source.toString().startsWith('ldap')) {
                       msg = gs.getMessage("Use your network password to log into Service-now. If your network password does not work, contact your service desk.");
                       return "Error:" + msg;
                 }

                 /////     TO     //////

                 if (usr.source.toString().startsWith('ldap')) {
                       // msg = gs.getMessage("Use your network password to log into Service-now. If your network password does not work, contact your service desk.");
                       // return "Error:" + msg;
                       newpw = "";
                       var availablechars = "1234567890ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
                       for(var x = 0; x < 8; x++) {
                             randomNumber = Math.floor(Math.random() * availablechars.length);
                             newpw += availablechars[randomNumber];
                       }
                       //create the variables for calling the workdlow
                       var vars = {};
                       vars.u_username = userid;
                       vars.u_password = newpw;

                       //call the AD Password Reset workflow
                       var w = new Workflow();
                       var wfid = w.getWorkflowFromName("AD Password Reset");
                       w.startFlow(wfid, null, 'AD Password Reset', vars);
                       msg = gs.getMessage("Your password has been reset and will be emailed to the address in our system");
                       return "Success:" + msg;                                 
                 }


This is a simple solution to prove out the functionality. This will allow the password reset functionality to work for locally authenticated users and Active Directory users. Tailor the logic, temporary password generation logic and Password Reset Activity parameters as necessary to suit your needs.
5 Comments