Password Reset With Active Directory

Brian Lancaster
Tera Sage

Has anybody gotten password reset to work with Active Directory? I cannot find any information on the Wiki on setting it up with Active Directory. Do I need to modify the workflow that comes with the plugin? I have a MID server set up and connected.

1 ACCEPTED SOLUTION

Found the issue. If anybody needs to do multiple domains, this is what you will need to add to the Run Script at the beginning of the Pwd Reset - AD workflow. You will also need to add this code to the Pwd Unlock Account - AD workflow. Also, for your credential store, put [your domain controller]:3268 as the host name. This will make sure you use the global catalog service. This should be your root domain controller.

In the script below, replace each ? with what shows in the source field for the users in each domain.



// Look up the user the reset was requested for.
var user = new GlideRecord('sys_user');
user.addQuery('user_name', workflow.inputs.u_user_name);
user.query();

if (user.next()) {
    // Pick the domain controller from the DC components of the user's LDAP source.
    if (user.source.toLowerCase().indexOf('dc=?,dc=?,dc=?') > -1) {
        workflow.scratchpad.domain = '[your domain controller]';
    }
    else if (user.source.toLowerCase().indexOf('dc=?,dc=?,dc=?') > -1) {
        workflow.scratchpad.domain = '[your domain controller]';
    }
    else if (user.source.toLowerCase().indexOf('dc=?,dc=?,dc=?') > -1) {
        workflow.scratchpad.domain = '[your domain controller]';
    }
    else if (user.source.toLowerCase().indexOf('dc=?,dc=?,dc=?') > -1) {
        workflow.scratchpad.domain = '[your domain controller]';
    }
    else if (user.source.toLowerCase().indexOf('dc=?,dc=?,dc=?') > -1) {
        workflow.scratchpad.domain = '[your domain controller]';
    }
    // The two-component pattern comes last: as a substring check it also
    // matches any longer DN that ends with the same components.
    else if (user.source.toLowerCase().indexOf('dc=?,dc=?') > -1) {
        workflow.scratchpad.domain = '[your domain controller]';
    }
}



37 REPLIES 37

It is in the run in the following 3 workflows:

Pwd Reset - AD
Pwd Get Lock State - AD
Pwd Unlock Account - AD


Hi Brian,



I'm facing a similar issue and want to try your given solution. Below is my scenario:



I'm trying to reset the password in a multi-tenant environment by using the password reset functionality in the Portal page. I have set up the Processes and Credentials store and it's successfully connected with ADFS. Whenever I click the RESET link in the portal, it redirects me to the verify identity tab. After answering the questions, it moves to the Reset Password tab with the message "Identity successfully verified" and "Current account lock state:(Unable to retrieve user account lock state)".



In domain, the source field is blank, then what should I put there?

Error: Current account lock state:(Unable to retrieve user account lock state)






Kindly help.


Thanks


-SA


Hello Shadab,


I'm not sure what you mean by "in the domain, source is empty". In our transform map that runs as part of the LDAP import, we pull source and map it to source. When it is imported it displays as "ldap:distinguished name".


Distinguished name example: CN=name,OU=ou structure,OU=ou structure,DC=domain name,DC=domain name (at the end it is usually .com, .net, etc.)
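The source format described above ("ldap:distinguished name") and the suffix checks in the accepted solution can also be written as an exact lookup on the DN's trailing DC components, which handles a blank source and does not depend on the order of the checks. This is an added example, not code from the thread or from the Password Reset plugin; the domain names, host names and function names are constructed, and it is plain JavaScript with no Glide calls, so the source must be passed in as a string (for example from `user.getValue('source')`).

```javascript
// Constructed sample mapping: DC suffix of the user's DN -> domain controller.
// Replace with your own domains; these names are placeholders.
var DOMAIN_CONTROLLERS = {
  'dc=emea,dc=example,dc=com': 'dc01.emea.example.com',
  'dc=apac,dc=example,dc=com': 'dc01.apac.example.com',
  'dc=example,dc=com': 'dc01.example.com'
};

// Return the trailing DC components of a source value such as
// "ldap:CN=Jane Doe,OU=Staff,DC=emea,DC=example,DC=com" as a normalized
// lowercase string ("dc=emea,dc=example,dc=com"), or null if there are none.
function domainSuffix(source) {
  if (typeof source !== 'string') return null;
  var dn = source.replace(/^\s*ldap:/i, '').trim();
  // Match only the run of DC= components that ends the DN, so text inside
  // a CN or OU can never be mistaken for a domain component.
  var m = /(?:,\s*dc\s*=\s*[^,]+)+$/i.exec(',' + dn);
  if (!m) return null;
  return m[0].slice(1).toLowerCase().split(',').map(function (rdn) {
    return rdn.replace(/\s*=\s*/, '=').trim();
  }).join(',');
}

// Resolve the controller for one user. The whole suffix must match a key,
// so the root domain entry cannot capture a child-domain user.
function resolveDomainController(source, fallbackHost) {
  var suffix = domainSuffix(source);
  if (suffix && Object.prototype.hasOwnProperty.call(DOMAIN_CONTROLLERS, suffix)) {
    return { host: DOMAIN_CONTROLLERS[suffix], matched: suffix };
  }
  // Blank or unmapped source: use the fallback and report that nothing
  // matched, so the caller can log it instead of leaving the domain unset.
  return { host: fallbackHost, matched: null };
}
```

In a workflow script the returned `host` would be assigned to `workflow.scratchpad.domain`, and a `matched` value of `null` is worth logging because it identifies users whose source was never populated by the LDAP import.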


Hello Brian,

Wondering if the above script goes on top of the rest of the script or I need to remove anything?

Noticed Daniel mentioned to remove "workflow.scratchpad.domain = credStore.getHostName()" from the script as well. 

 

Thank you

It goes in the section where workflow.scratchpad.domain = credStore.getHostName() is, as it is replacing that piece of code, if I'm remembering correctly. However, I no longer have access to the environment that had this, and I have not looked at the code in the workflow in a very long time, so I don't know what changes have been made.