
02-27-2015 06:10 AM
Has anybody gotten password reset to work with Active Directory? I cannot find any information on the Wiki on setting it up with Active Directory. Do I need to modify the workflow that comes with the plugin? I have a MID server set up and connected.
03-15-2015 12:27 PM
Found the issue. If anybody needs to do multiple domains, this is what you will need to add to the Pwd Reset - AD in the Run Script at the beginning of the workflow. You will also need to add this code to the Pwd Unlock Account - AD workflow. Also, for your credential store, you will put [your domain controller]:3268 for the host name. This will make sure you use the global catalog service. This should be your root domain controller.
In the script below, replace the ? with what shows in the source for the user in each domain.
// Look up the requesting user's record so its LDAP source can be read.
var user = new GlideRecord('sys_user');
user.addQuery('user_name', workflow.inputs.u_user_name);
user.query();
if (user.next()) {
    // Lower-case the source once; replace each ? with the DC components shown in the user's source.
    var source = String(user.source).toLowerCase();
    if (source.indexOf('dc=?,dc=?,dc=?') > -1) {
        workflow.scratchpad.domain = '[your domain controller]';
    }
    else if (source.indexOf('dc=?,dc=?,dc=?') > -1) {
        workflow.scratchpad.domain = '[your domain controller]';
    }
    else if (source.indexOf('dc=?,dc=?,dc=?') > -1) {
        workflow.scratchpad.domain = '[your domain controller]';
    }
    else if (source.indexOf('dc=?,dc=?,dc=?') > -1) {
        workflow.scratchpad.domain = '[your domain controller]';
    }
    else if (source.indexOf('dc=?,dc=?,dc=?') > -1) {
        workflow.scratchpad.domain = '[your domain controller]';
    }
    // The shorter two-component pattern is tested last; as a substring it can also match the longer sources above.
    else if (source.indexOf('dc=?,dc=?') > -1) {
        workflow.scratchpad.domain = '[your domain controller]';
    }
}
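The if/else chain above matches by substring, so a two-component root pattern also matches every child domain and the result depends on the order of the tests. As an added example (not part of the original post, written in plain JavaScript rather than as the workflow's Run Script; the `ldap:` prefix format, domain names and host names are constructed placeholders), this derives the DNS domain from the DC= components of the source and looks it up by exact match, returning null for an unmapped domain so the caller can stop rather than send the reset to a default controller.

```javascript
// Constructed map: AD DNS domain -> domain controller host (placeholder names).
const DC_BY_DOMAIN = {
  'example.com': 'dc01.example.com',
  'emea.example.com': 'dc01.emea.example.com',
};

// Split a DN on commas, keeping backslash-escaped characters inside their RDN.
function splitDn(dn) {
  const parts = [];
  let cur = '';
  for (let i = 0; i < dn.length; i++) {
    const ch = dn[i];
    if (ch === '\\' && i + 1 < dn.length) cur += ch + dn[++i];
    else if (ch === ',') { parts.push(cur); cur = ''; }
    else cur += ch;
  }
  parts.push(cur);
  return parts;
}

// DNS domain built from the DC= components of a source value, or null if there are none.
function domainFromSource(source) {
  const dn = String(source || '').replace(/^ldap:/i, '');
  const labels = splitDn(dn)
    .map((rdn) => rdn.trim().match(/^dc=(.+)$/i))
    .filter(Boolean)
    .map((m) => m[1].trim().toLowerCase());
  return labels.length ? labels.join('.') : null;
}

// Exact-match lookup; null means "no mapping", which the caller should treat as a stop.
function pickDomainController(source, map) {
  const domain = domainFromSource(source);
  if (domain === null) return null;
  return Object.prototype.hasOwnProperty.call(map, domain) ? map[domain] : null;
}

// The substring test used in the thread's script, kept here for comparison.
function matchesBySubstring(source, pattern) {
  return String(source).toLowerCase().indexOf(pattern) > -1;
}

// Constructed sample source for a user in the child domain.
const child = 'ldap:CN=Doe\\, Jane,OU=Users,DC=EMEA,DC=Example,DC=com';
console.log(matchesBySubstring(child, 'dc=example,dc=com'));
console.log(pickDomainController(child, DC_BY_DOMAIN));
```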

03-12-2015 08:57 AM
It appears to be a multiple domain issue. Have to set up a credential store and process for each one.

03-13-2015 11:58 AM
OK, to get around the multiple domain issue I am trying to query the sys_user table so I can pull the source field. Then I can do an if statement on the source field to change the domain controller that is used. Here is my query code. For some reason, if I do a gs.log on user.name or user.source it returns no values. I don't see what I'm doing wrong. Just as an FYI, I did a gs.log on workflow.inputs.u_user_name and it returns what I expected.
var user = new GlideRecord('sys_user');
user.addQuery ('user_name', workflow.inputs.u_user_name);
user.query();
01-06-2016 04:39 PM
Hi bricast
Thanks for the solution you provided here it's been very helpful! I now have the ability to unlock and reset passwords across the 2 domains I manage.
Ran into a slight issue early on and forgot to remove the following from the run script;
workflow.scratchpad.domain = credStore.getHostName()
I've modified 3 scripts to get this working correctly;
Pwd Get Lock State - AD - I found OOB that this workflow was returning "account unlocked" even if it was locked.
Pwd Unlock Account - AD
Pwd Reset - AD
Cheers
Daniel

01-07-2016 05:51 AM
Hello Daniel,
So are you good now? I got two notifications, one stating that you thought it was a permission issue, but I do not see it here. Just in case, I found the wiki article that explains what permission your service account running on the mid service services on the mid server.
Configuring Remote Credential Stores - ServiceNow Wiki