Join the #BuildWithBuildAgent Challenge! Get recognized, earn exclusive swag, and inspire the ServiceNow Community with what you can build using Build Agent.  Join the Challenge.

Password Reset With Active Directory

Go to solution
Brian Lancaster
Kilo Patron

‎02-27-2015 06:10 AM

Has anybody gotten password reset to work with Active Directory?   I can not find any information on the Wiki on setting it up with active directory.   Do I need to modify the workflow that comes with the plugin?   I have a MID servers setup and connected.

Labels:
0 Helpfuls
  • 11,563 Views
1 ACCEPTED SOLUTION

Go to solution
Brian Lancaster
Kilo Patron
In response to Brian Lancaster

‎03-15-2015 12:27 PM

Found the issue. If anybody needs to do multiple domains this is what you will need to add to the Pwd Reset - AD in the Run Script at the beginning of the workflow.   You will need to also add this code to the Pwd Unlock Account - AD workflow.   Also for your credential store you will put for the host name [your domain controller]:3268.   This will make sure you use the global catalog service.   This should be your root domain controller.


In the below script replace the ? what shows on the source for the user in each domain.



var user = new GlideRecord('sys_user');


  user.addQuery ('user_name', workflow.inputs.u_user_name);


  user.query();


  if (user.next()){


  if (user.source.toLowerCase().indexOf('dc=?,dc=?,dc=?') > -1){


  workflow.scratchpad.domain = '[your domain controller]';


  }


  else if (user.source.toLowerCase().indexOf('dc=?,dc=?,dc=?') > -1){


  workflow.scratchpad.domain = '[your domain controller]';


  }


  else if (user.source.toLowerCase().indexOf('dc=?,dc=?,dc=?') > -1){


  workflow.scratchpad.domain = '[your domain controller]';


  }


  else if (user.source.toLowerCase().indexOf('dc=?,dc=?,dc=?') > -1){


  workflow.scratchpad.domain = '[your domain controller]';


  }


  else if (user.source.toLowerCase().indexOf('dc=?,dc=?,dc=?') > -1){


  workflow.scratchpad.domain = '[your domain controller]';


  }


  else if (user.source.toLowerCase().indexOf('dc=?,dc=?') > -1){


  workflow.scratchpad.domain = '[your domain controller]';


  }


View solution in original post

37 REPLIES 37

Go to solution
Brian Lancaster
Kilo Patron
In response to absenceofheat

‎03-12-2015 08:57 AM

It appears to be a multiple domain issue.   Have to setup a credential store and process for each one.


0 Helpfuls

Go to solution
Brian Lancaster
Kilo Patron

‎03-13-2015 11:58 AM

Ok to get around the multiple domain issue I am trying to query the sys_user table to I can pull the source filed.   Then I can do in if statement on the source field to change the domain controller that is used.   Here is my query code.   For some reason if I do a gs.log on user.name or user.source it returns no values.   I don't see what I'm doing wrong.   Just as an FYI.. I did a gs.log on workflo.inputs.u_user_name and it returns what I expected.


var user = new GlideRecord('sys_user');


  user.addQuery ('user_name', workflow.inputs.u_user_name);


  user.query();


0 Helpfuls

Go to solution
Brian Lancaster
Kilo Patron
In response to Brian Lancaster

‎03-15-2015 12:27 PM

Found the issue. If anybody needs to do multiple domains this is what you will need to add to the Pwd Reset - AD in the Run Script at the beginning of the workflow.   You will need to also add this code to the Pwd Unlock Account - AD workflow.   Also for your credential store you will put for the host name [your domain controller]:3268.   This will make sure you use the global catalog service.   This should be your root domain controller.


In the below script replace the ? what shows on the source for the user in each domain.



var user = new GlideRecord('sys_user');


  user.addQuery ('user_name', workflow.inputs.u_user_name);


  user.query();


  if (user.next()){


  if (user.source.toLowerCase().indexOf('dc=?,dc=?,dc=?') > -1){


  workflow.scratchpad.domain = '[your domain controller]';


  }


  else if (user.source.toLowerCase().indexOf('dc=?,dc=?,dc=?') > -1){


  workflow.scratchpad.domain = '[your domain controller]';


  }


  else if (user.source.toLowerCase().indexOf('dc=?,dc=?,dc=?') > -1){


  workflow.scratchpad.domain = '[your domain controller]';


  }


  else if (user.source.toLowerCase().indexOf('dc=?,dc=?,dc=?') > -1){


  workflow.scratchpad.domain = '[your domain controller]';


  }


  else if (user.source.toLowerCase().indexOf('dc=?,dc=?,dc=?') > -1){


  workflow.scratchpad.domain = '[your domain controller]';


  }


  else if (user.source.toLowerCase().indexOf('dc=?,dc=?') > -1){


  workflow.scratchpad.domain = '[your domain controller]';


  }


Go to solution
daniellennon
Giga Contributor
In response to Brian Lancaster

‎01-06-2016 04:39 PM

Hi bricast



Thanks for the solution you provided here it's been very helpful! I now have the ability to unlock and reset passwords across the 2 domains I manage.



Ran into a slight issue early on and forgot to remove the following from the run script;


workflow.scratchpad.domain = credStore.getHostName()


I've modified 3 scripts to get this working correctly;



Pwd Get Lock State - AD - I found OOB that this workflow was returning "account unlocked" even if it was locked.


Pwd Unlock Account - AD


Pwd Reset - AD



Cheers


Daniel


0 Helpfuls

Go to solution
Brian Lancaster
Kilo Patron
In response to daniellennon

‎01-07-2016 05:51 AM

Hello Daniel,


So are you good now.   I got two notification one stating that you thought is was a permission issue but I do not see it here.   Just in case I found the wiki article that explains what permission your service account running on the mid service services on the mid server.


Configuring Remote Credential Stores - ServiceNow Wiki


0 Helpfuls