Password Reset With Active Directory

Brian Lancaster

Has anybody gotten password reset to work with Active Directory? I can not find any information on the Wiki on setting it up with Active Directory. Do I need to modify the workflow that comes with the plugin? I have MID servers set up and connected.

1 ACCEPTED SOLUTION

Found the issue. If anybody needs to do multiple domains, this is what you will need to add to the Pwd Reset - AD workflow in the Run Script at the beginning of the workflow. You will need to also add this code to the Pwd Unlock Account - AD workflow. Also, for your credential store, put [your domain controller]:3268 as the host name. This will make sure you use the global catalog service. This should be your root domain controller.


In the script below, replace each ? with what shows in the source field for the user in each domain.



var user = new GlideRecord('sys_user');
user.addQuery('user_name', workflow.inputs.u_user_name);
user.query();

if (user.next()) {
    // Pick the domain controller for the domain the user's LDAP source DN
    // belongs to; replace each ? with the dc= components shown in the user's
    // source field for that domain.
    if (user.source.toLowerCase().indexOf('dc=?,dc=?,dc=?') > -1) {
        workflow.scratchpad.domain = '[your domain controller]';
    }
    else if (user.source.toLowerCase().indexOf('dc=?,dc=?,dc=?') > -1) {
        workflow.scratchpad.domain = '[your domain controller]';
    }
    else if (user.source.toLowerCase().indexOf('dc=?,dc=?,dc=?') > -1) {
        workflow.scratchpad.domain = '[your domain controller]';
    }
    else if (user.source.toLowerCase().indexOf('dc=?,dc=?,dc=?') > -1) {
        workflow.scratchpad.domain = '[your domain controller]';
    }
    else if (user.source.toLowerCase().indexOf('dc=?,dc=?,dc=?') > -1) {
        workflow.scratchpad.domain = '[your domain controller]';
    }
    else if (user.source.toLowerCase().indexOf('dc=?,dc=?') > -1) {
        workflow.scratchpad.domain = '[your domain controller]';
    }
    // If no branch matches, workflow.scratchpad.domain is left unset.
}


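The accepted solution above picks the domain controller by testing the user's LDAP source for each domain's dc= components in a chain of else-if branches. As an added example, not code from the original post or from the ServiceNow plugin, the JavaScript below does the same lookup in a general way: it parses the dc= components out of the distinguished name, joins them into the domain name, and looks that name up in a table, returning null rather than a guess when the domain is unknown. The domain names and controller host names are constructed placeholders, and the GlideRecord and workflow objects are deliberately not used so the code runs stand-alone.

```javascript
// Added example (not from the original post). Resolve the domain controller
// a reset should be routed to from the user's LDAP distinguished name.
// Constructed mapping: domain name built from the DN's dc= components -> DC host.
// Both the domain names and the host names are placeholders.
var DOMAIN_CONTROLLERS = {
  'corp.example.com': 'dc01.corp.example.com',
  'emea.corp.example.com': 'dc01.emea.corp.example.com',
  'example.com': 'dc01.example.com'
};

// Return the dc= components of a DN, in order and lower-cased, joined with
// dots, e.g. 'CN=Jane Doe,OU=Users,DC=emea,DC=corp,DC=example,DC=com'
// -> 'emea.corp.example.com'. Returns null if the DN has no dc= components.
// Only dc= RDNs are kept, so an escaped comma inside a CN value (which makes
// the naive split produce a fragment without '=') does not affect the result.
function domainFromDn(dn) {
  if (typeof dn !== 'string') { return null; }
  var parts = dn.split(',');
  var dcs = [];
  for (var i = 0; i < parts.length; i++) {
    var rdn = parts[i].trim();
    var eq = rdn.indexOf('=');
    if (eq === -1) { continue; }
    var attr = rdn.slice(0, eq).trim().toLowerCase();
    var value = rdn.slice(eq + 1).trim().toLowerCase();
    if (attr === 'dc' && value.length > 0) { dcs.push(value); }
  }
  return dcs.length > 0 ? dcs.join('.') : null;
}

// Look up the controller for the DN's full domain name. An exact match on the
// whole domain avoids the substring problem of indexOf('dc=example,dc=com'),
// which would also match a DN in the child domain corp.example.com.
// Returns null when the domain is unknown so the caller can fail the workflow
// explicitly instead of resetting against the wrong controller.
function resolveDomainController(dn, controllers) {
  var domain = domainFromDn(dn);
  if (domain === null) { return null; }
  return Object.prototype.hasOwnProperty.call(controllers, domain)
    ? controllers[domain]
    : null;
}

// Constructed sample DN standing in for user.source in the workflow script.
var SAMPLE_DN = 'CN=Jane Doe,OU=Users,DC=emea,DC=corp,DC=example,DC=com';
var SAMPLE_DC = resolveDomainController(SAMPLE_DN, DOMAIN_CONTROLLERS);
// In the workflow this value would be assigned to workflow.scratchpad.domain;
// a null result should stop the workflow rather than be passed to the MID server.
```

Because the table is keyed on the complete domain name, the order of entries no longer matters, whereas in the if/else chain a two-component check such as dc=example,dc=com has to come after every child-domain check that contains it.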

37 REPLIES

Hi Brian & Daniel,

This post certainly helped me to troubleshoot a few issues with our pwd reset/unlock capability through ServiceNow.

However, I am unable to get the 'unlock account' button immediately after the account is locked. If I wait for about 10 minutes and try to perform the unlock, I am able to see the button. Any idea why there is this lag in retrieving the locked status immediately after the domain account is locked? 

(FYI, we have 3 domains and I am able to successfully reset passwords across all domains. Just that we're unable to retrieve the locked status immediately.)

 

Thanks!

 

Hello Daniel,
Do you recall where the above code goes into the script?
Thanks,
Gurbir

Brian,



I'm curious if you encountered the same issue I am, and if so, how you got around it. I have 4 separate domains that I need to manage. During the enrollment process, QA verification puts all the domains on the exact same page so that when a user attempts to enroll, they see the enrollment for each credential store, AND have to fill in every question (even from the other domains) to be able to enroll. Did you see this behavior at all?


I only have one credential store. Have several Active Directory domains but the process is the same for all of them. I just made updates to the workflow so I could change the domain controller, as you have to be on a domain controller in the same domain as the user to reset their password.


Brian:


I'm trying to set up Password Reset as well. Where did you position this script in the Pwd Reset - AD workflow Run Script activity?



Regards