Password Reset With Active Directory

Brian Lancaster
Tera Sage

Has anybody gotten password reset to work with Active Directory? I cannot find any information on the Wiki on setting it up with Active Directory. Do I need to modify the workflow that comes with the plugin? I have a MID server set up and connected.

1 ACCEPTED SOLUTION

Found the issue. If anybody needs to do multiple domains, this is what you will need to add to the Pwd Reset - AD in the Run Script at the beginning of the workflow. You will also need to add this code to the Pwd Unlock Account - AD workflow. Also, for your credential store you will put for the host name [your domain controller]:3268. This will make sure you use the global catalog service. This should be your root domain controller.


In the below script, replace the ? with what shows on the source for the user in each domain.



    // Look up the user the reset was requested for.
    var user = new GlideRecord('sys_user');
    user.addQuery('user_name', workflow.inputs.u_user_name);
    user.query();

    if (user.next()) {
        // The source value is lowercased before matching, so each
        // 'dc=?,...' pattern must be written in lowercase.
        if (user.source.toLowerCase().indexOf('dc=?,dc=?,dc=?') > -1) {
            workflow.scratchpad.domain = '[your domain controller]';
        }
        else if (user.source.toLowerCase().indexOf('dc=?,dc=?,dc=?') > -1) {
            workflow.scratchpad.domain = '[your domain controller]';
        }
        else if (user.source.toLowerCase().indexOf('dc=?,dc=?,dc=?') > -1) {
            workflow.scratchpad.domain = '[your domain controller]';
        }
        else if (user.source.toLowerCase().indexOf('dc=?,dc=?,dc=?') > -1) {
            workflow.scratchpad.domain = '[your domain controller]';
        }
        else if (user.source.toLowerCase().indexOf('dc=?,dc=?,dc=?') > -1) {
            workflow.scratchpad.domain = '[your domain controller]';
        }
        else if (user.source.toLowerCase().indexOf('dc=?,dc=?') > -1) {
            workflow.scratchpad.domain = '[your domain controller]';
        }
    }
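An added example (not the poster's code and not ServiceNow's): a table-driven variant of the source-to-domain-controller lookup in the accepted solution. It matches on the full run of trailing DC= components instead of a substring, so the result does not depend on branch order when one domain is the parent of another, and an unmapped domain returns null. The domain names, host names and function names are constructed placeholders, and it assumes the source value has the form ldap:<distinguished name>.

```javascript
// Constructed placeholder map: DNS domain -> domain controller host.
var DOMAIN_CONTROLLERS = {
  'example.test': 'dc01.example.test',
  'emea.example.test': 'dc01.emea.example.test'
};

// Split a DN on commas, leaving backslash-escaped commas inside a value.
function splitDn(dn) {
  var parts = [];
  var current = '';
  for (var i = 0; i < dn.length; i++) {
    var ch = dn.charAt(i);
    if (ch === '\\' && i + 1 < dn.length) {
      current += ch + dn.charAt(++i); // keep the escaped character as-is
    } else if (ch === ',') {
      parts.push(current);
      current = '';
    } else {
      current += ch;
    }
  }
  parts.push(current);
  return parts;
}

// Build the DNS domain from the trailing DC= components, or return null.
function domainFromSource(source) {
  var rdns = splitDn(String(source || '').replace(/^ldap:/i, ''));
  var labels = [];
  // Walk from the right and stop at the first component that is not DC=,
  // so only the domain suffix of the DN is considered.
  for (var i = rdns.length - 1; i >= 0; i--) {
    var m = /^\s*dc\s*=\s*([a-z0-9-]+)\s*$/i.exec(rdns[i]);
    if (!m) break;
    labels.unshift(m[1].toLowerCase());
  }
  return labels.length ? labels.join('.') : null;
}

// Exact match on the whole domain; unknown domains return null.
function resolveDomainController(source, map) {
  var domain = domainFromSource(source);
  if (domain === null || !Object.prototype.hasOwnProperty.call(map, domain)) {
    return null;
  }
  return map[domain];
}
```

In a workflow Run Script, the return value would be assigned to workflow.scratchpad.domain, with a null result handled as a failed lookup rather than falling through to a default controller.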

37 REPLIES

bammar
Kilo Sage

I believe this can be accomplished with the Password Reset Orchestration Plugin. I did read somewhere you have to contact ServiceNow to get this as you may incur additional costs for this functionality. I can't be totally sure, I am reciting this off of memory but hope it points you in the right direction.


Found it



Password Reset - ServiceNow Wiki



"For additional functionality, including the ability to reset passwords on Active Directory, you must use the Password Reset - Orchestration Add-on, which provides two credential store types that are not available in the basic Password Reset application. The Orchestration Add-on is available as a separate subscription. For more information, contact your ServiceNow account representative."


I already have the Orchestration Add-on enabled. However, when I try and reset the password I am getting a timeout error that appears to be coming from the workflow.


OK, so it seems that we did not have the correct Orchestration License. The correct one is not enabled on our system but I am still unable to reset a password in AD. Does anybody know if the default script and/or workflow need to change to work with AD? Has anybody gotten this to work? I cannot find anything on what, if any, other changes need to be made in the wiki. This is being done in our test environment, which is currently on Eureka.


Worked fine out of the box for me.