
02-27-2015 06:10 AM
Has anybody gotten password reset to work with Active Directory? I cannot find any information on the Wiki on setting it up with Active Directory. Do I need to modify the workflow that comes with the plugin? I have a MID server set up and connected.
03-15-2015 12:27 PM
Found the issue. If anybody needs to do multiple domains, this is what you will need to add to the Pwd Reset - AD workflow, in the Run Script at the beginning of the workflow. You will also need to add this code to the Pwd Unlock Account - AD workflow. Also, for your credential store, you will put [your domain controller]:3268 for the host name. This will make sure you use the global catalog service. This should be your root domain controller.
In the script below, replace the ? with what shows in the source for the user in each domain.
// Look up the user the reset was requested for.
var user = new GlideRecord('sys_user');
user.addQuery('user_name', workflow.inputs.u_user_name);
user.query();
if (user.next()) {
    // Match the DC= components of the user's source against each domain
    // and record which domain controller the workflow should use.
    if (user.source.toLowerCase().indexOf('dc=?,dc=?,dc=?') > -1) {
        workflow.scratchpad.domain = '[your domain controller]';
    }
    else if (user.source.toLowerCase().indexOf('dc=?,dc=?,dc=?') > -1) {
        workflow.scratchpad.domain = '[your domain controller]';
    }
    else if (user.source.toLowerCase().indexOf('dc=?,dc=?,dc=?') > -1) {
        workflow.scratchpad.domain = '[your domain controller]';
    }
    else if (user.source.toLowerCase().indexOf('dc=?,dc=?,dc=?') > -1) {
        workflow.scratchpad.domain = '[your domain controller]';
    }
    else if (user.source.toLowerCase().indexOf('dc=?,dc=?,dc=?') > -1) {
        workflow.scratchpad.domain = '[your domain controller]';
    }
    else if (user.source.toLowerCase().indexOf('dc=?,dc=?') > -1) {
        workflow.scratchpad.domain = '[your domain controller]';
    }
}
06-27-2017 04:40 AM
Brian,
I am working on multiple domains. The issue I am facing is that the LDAP is using different servers. Below is the screenshot of it:
Can you please suggest how to deal with this scenario when the user's source can be one of the three URLs?
05-16-2016 04:51 AM
Hi Brian,
I'm facing a similar issue and wanna try your given solution. Below is my scenario:
I'm trying to reset the password in a multi-tenant environment by using the password reset functionality in the Portal page. I have set up the Processes and Credentials store and it's successfully connected with ADFS. Whenever I click the RESET link in the portal, it redirects me to the verify identity tab; after answering the questions, it moves to the Reset Password tab with the message "Identity successfully verified" and "Current account lock state:(Unable to retrieve user account lock state)".
In the domain, the source field is blank, so what should I put there?
Error: Current account lock state:(Unable to retrieve user account lock state)
Kindly help.
Thanks
-SA

06-27-2017 05:00 AM
Hello Kamlesh,
Can you show me what the source field looks like on the user table? That is what I was using to determine what domain controller to use, not the LDAP Servers source. You may have to add the source field by doing a config > form layout.
06-28-2017 03:42 AM

06-28-2017 04:04 AM
The LDAP URLs shouldn't really matter. The source of the user is what you want to focus on. You can do an indexOf on it and search for the domains (DC=domain, DC=com) so you can set the correct domain controller. Now, this post also assumes that these domains are in a parent-child relationship, so there is a trust and the global catalog server at the root domain can see all the accounts. If not, you would most likely need to set up 3 different password reset Processes. You can then use groups to put the user in the correct password reset bucket. To do that, you would un-check applies to all user and then it would give you the option to use a group for the process.
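
As an added example (not code from this thread or from ServiceNow), the source matching that the accepted answer does with chained indexOf calls can be written as a lookup that parses the DC= components and picks the most specific configured domain, returning null for a blank source. The domain names, hostnames, and the names DOMAIN_CONTROLLERS, domainFromSource and pickDomainController are assumptions made for illustration.

```javascript
// Added example: map a sys_user "source" value to a domain controller.
// All domains and hostnames below are constructed placeholders.
var DOMAIN_CONTROLLERS = {
    'emea.example.com': 'dc01.emea.example.com',
    'apac.example.com': 'dc01.apac.example.com',
    'example.com': 'dc01.example.com' // root domain (global catalog)
};

// Collect the DC= components of a DN-style source string and join them
// into a DNS name: "DC=emea,DC=example,DC=com" -> "emea.example.com".
function domainFromSource(source) {
    if (!source) {
        return null; // blank source: nothing to match against
    }
    var parts = [];
    var re = /(?:^|[,:])\s*dc=([^,]+)/gi;
    var m;
    while ((m = re.exec(String(source))) !== null) {
        parts.push(m[1].trim().toLowerCase());
    }
    return parts.length ? parts.join('.') : null;
}

// Walk from the full domain up towards the root so that a child domain
// always wins over its parent, regardless of the order of the table.
function pickDomainController(source, controllers) {
    var domain = domainFromSource(source);
    if (!domain) {
        return null;
    }
    var labels = domain.split('.');
    for (var i = 0; i < labels.length; i++) {
        var candidate = labels.slice(i).join('.');
        if (Object.prototype.hasOwnProperty.call(controllers, candidate)) {
            return controllers[candidate];
        }
    }
    return null; // unknown domain: the caller decides how to fail
}

// Assumed wiring inside the Run Script activity:
// workflow.scratchpad.domain =
//     pickDomainController(user.getValue('source'), DOMAIN_CONTROLLERS);
```

A null result means the user's source did not name any configured domain, so the workflow can stop with a clear message instead of sending the request to the wrong controller.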