Password Reset With Active Directory

Go to solution
Brian Lancaster
Tera Sage

‎02-27-2015 06:10 AM

Has anybody gotten password reset to work with Active Directory?   I can not find any information on the Wiki on setting it up with active directory.   Do I need to modify the workflow that comes with the plugin?   I have a MID servers setup and connected.

Labels:
0 Helpfuls
  • 10,686 Views
1 ACCEPTED SOLUTION

Go to solution
Brian Lancaster
Tera Sage
In response to Brian Lancaster

‎03-15-2015 12:27 PM

Found the issue. If anybody needs to do multiple domains this is what you will need to add to the Pwd Reset - AD in the Run Script at the beginning of the workflow.   You will need to also add this code to the Pwd Unlock Account - AD workflow.   Also for your credential store you will put for the host name [your domain controller]:3268.   This will make sure you use the global catalog service.   This should be your root domain controller.


In the below script replace the ? what shows on the source for the user in each domain.



var user = new GlideRecord('sys_user');


  user.addQuery ('user_name', workflow.inputs.u_user_name);


  user.query();


  if (user.next()){


  if (user.source.toLowerCase().indexOf('dc=?,dc=?,dc=?') > -1){


  workflow.scratchpad.domain = '[your domain controller]';


  }


  else if (user.source.toLowerCase().indexOf('dc=?,dc=?,dc=?') > -1){


  workflow.scratchpad.domain = '[your domain controller]';


  }


  else if (user.source.toLowerCase().indexOf('dc=?,dc=?,dc=?') > -1){


  workflow.scratchpad.domain = '[your domain controller]';


  }


  else if (user.source.toLowerCase().indexOf('dc=?,dc=?,dc=?') > -1){


  workflow.scratchpad.domain = '[your domain controller]';


  }


  else if (user.source.toLowerCase().indexOf('dc=?,dc=?,dc=?') > -1){


  workflow.scratchpad.domain = '[your domain controller]';


  }


  else if (user.source.toLowerCase().indexOf('dc=?,dc=?') > -1){


  workflow.scratchpad.domain = '[your domain controller]';


  }


View solution in original post

37 REPLIES 37

Go to solution
Brian Lancaster
Tera Sage
In response to absenceofheat

‎03-12-2015 08:57 AM

It appears to be a multiple domain issue.   Have to setup a credential store and process for each one.


0 Helpfuls

Go to solution
Brian Lancaster
Tera Sage

‎03-13-2015 11:58 AM

Ok to get around the multiple domain issue I am trying to query the sys_user table to I can pull the source filed.   Then I can do in if statement on the source field to change the domain controller that is used.   Here is my query code.   For some reason if I do a gs.log on user.name or user.source it returns no values.   I don't see what I'm doing wrong.   Just as an FYI.. I did a gs.log on workflo.inputs.u_user_name and it returns what I expected.


var user = new GlideRecord('sys_user');


  user.addQuery ('user_name', workflow.inputs.u_user_name);


  user.query();


0 Helpfuls

Go to solution
Brian Lancaster
Tera Sage
In response to Brian Lancaster

‎03-15-2015 12:27 PM

Found the issue. If anybody needs to do multiple domains this is what you will need to add to the Pwd Reset - AD in the Run Script at the beginning of the workflow.   You will need to also add this code to the Pwd Unlock Account - AD workflow.   Also for your credential store you will put for the host name [your domain controller]:3268.   This will make sure you use the global catalog service.   This should be your root domain controller.


In the below script replace the ? what shows on the source for the user in each domain.



var user = new GlideRecord('sys_user');


  user.addQuery ('user_name', workflow.inputs.u_user_name);


  user.query();


  if (user.next()){


  if (user.source.toLowerCase().indexOf('dc=?,dc=?,dc=?') > -1){


  workflow.scratchpad.domain = '[your domain controller]';


  }


  else if (user.source.toLowerCase().indexOf('dc=?,dc=?,dc=?') > -1){


  workflow.scratchpad.domain = '[your domain controller]';


  }


  else if (user.source.toLowerCase().indexOf('dc=?,dc=?,dc=?') > -1){


  workflow.scratchpad.domain = '[your domain controller]';


  }


  else if (user.source.toLowerCase().indexOf('dc=?,dc=?,dc=?') > -1){


  workflow.scratchpad.domain = '[your domain controller]';


  }


  else if (user.source.toLowerCase().indexOf('dc=?,dc=?,dc=?') > -1){


  workflow.scratchpad.domain = '[your domain controller]';


  }


  else if (user.source.toLowerCase().indexOf('dc=?,dc=?') > -1){


  workflow.scratchpad.domain = '[your domain controller]';


  }


Go to solution
daniellennon
Giga Contributor
In response to Brian Lancaster

‎01-06-2016 04:39 PM

Hi bricast



Thanks for the solution you provided here it's been very helpful! I now have the ability to unlock and reset passwords across the 2 domains I manage.



Ran into a slight issue early on and forgot to remove the following from the run script;


workflow.scratchpad.domain = credStore.getHostName()


I've modified 3 scripts to get this working correctly;



Pwd Get Lock State - AD - I found OOB that this workflow was returning "account unlocked" even if it was locked.


Pwd Unlock Account - AD


Pwd Reset - AD



Cheers


Daniel


0 Helpfuls

Go to solution
Brian Lancaster
Tera Sage
In response to daniellennon

‎01-07-2016 05:51 AM

Hello Daniel,


So are you good now.   I got two notification one stating that you thought is was a permission issue but I do not see it here.   Just in case I found the wiki article that explains what permission your service account running on the mid service services on the mid server.


Configuring Remote Credential Stores - ServiceNow Wiki


0 Helpfuls