Password Reset With Active Directory

Brian Lancaster
Tera Sage

Has anybody gotten password reset to work with Active Directory? I cannot find any information on the Wiki on setting it up with Active Directory. Do I need to modify the workflow that comes with the plugin? I have MID servers set up and connected.

1 ACCEPTED SOLUTION

Found the issue. If anybody needs to do multiple domains, this is what you will need to add to the Pwd Reset - AD workflow, in the Run Script at the beginning of the workflow. You will also need to add this code to the Pwd Unlock Account - AD workflow. Also, for your credential store you will put [your domain controller]:3268 as the host name. This will make sure you use the global catalog service. This should be your root domain controller.


In the script below, replace the ? with what shows in the source field for a user in each domain.



    var user = new GlideRecord('sys_user');
    user.addQuery('user_name', workflow.inputs.u_user_name);
    user.query();
    if (user.next()) {
      // Pick the domain controller from the DC= components of the user's source field.
      // Patterns with more DC= parts are checked first: the two-part pattern at the end
      // would also match a child-domain DN that ends in the same two components.
      if (user.source.toLowerCase().indexOf('dc=?,dc=?,dc=?') > -1) {
        workflow.scratchpad.domain = '[your domain controller]';
      }
      else if (user.source.toLowerCase().indexOf('dc=?,dc=?,dc=?') > -1) {
        workflow.scratchpad.domain = '[your domain controller]';
      }
      else if (user.source.toLowerCase().indexOf('dc=?,dc=?,dc=?') > -1) {
        workflow.scratchpad.domain = '[your domain controller]';
      }
      else if (user.source.toLowerCase().indexOf('dc=?,dc=?,dc=?') > -1) {
        workflow.scratchpad.domain = '[your domain controller]';
      }
      else if (user.source.toLowerCase().indexOf('dc=?,dc=?,dc=?') > -1) {
        workflow.scratchpad.domain = '[your domain controller]';
      }
      else if (user.source.toLowerCase().indexOf('dc=?,dc=?') > -1) {
        workflow.scratchpad.domain = '[your domain controller]';
      }
    }




bricast


Brian,



I am working on multiple domains. The issue I am facing is that the LDAP is using different servers. Below is the screenshot of it:





Can you please suggest how to deal with this scenario when a user's source can be one of the three URLs?


shadab_ali
Kilo Contributor

Hi Brian,



I'm facing a similar issue and want to try your solution. Below is my scenario:



I'm trying to reset the password in a multi-tenant environment by using the password reset functionality on the Portal page. I have set up the Processes and Credentials store and it's successfully connected with ADFS. Whenever I click the RESET link in the portal, it redirects me to the verify identity tab; after answering the questions, it moves to the Reset Password tab with the messages "Identity successfully verified" and "Current account lock state:(Unable to retrieve user account lock state)".



In the domain, the source field is blank, so what should I put there?



Error : Current account lock state:(Unable to retrieve user account lock state)





Kindly help.


Thanks


-SA


Brian Lancaster
Tera Sage

Hello Kamlesh,


Can you show me what the source field looks like on the user table? That is what I was using to determine which domain controller to use, not the LDAP Servers source. You may have to add the source field by doing Configure > Form Layout.


Brian,



This is what shows in the source field :-





I am unable to decide how to handle the server URL, as there are three server URLs being used and different users are coming from different URLs.




Brian Lancaster
Tera Sage

The LDAP URLs shouldn't really matter. The source of the user is what you want to focus on. You can do an indexOf on it and search for the domains (DC=domain, DC=com) so you can set the correct domain controller. Now, this post also assumes that these domains are in a parent-child relationship, so there is a trust and the global catalog server at the root domain can see all the accounts. If not, you would most likely need to set up 3 different password reset Processes. You can then use groups to put the user in the correct password reset bucket. To do that you would uncheck "Applies to all users" and it would then give you the option to use a group for the process.
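The source-field matching described in the accepted solution and in the reply above, as an added example that is not code from the thread: instead of a chain of indexOf() checks, parse the DC= components out of the user's source DN and look the resulting domain up in a map of controllers. The DOMAIN_CONTROLLERS map, the SAMPLE_SOURCES values and the "ldap:" prefix on the source are constructed assumptions; the resolved value is what the workflow would put into workflow.scratchpad.domain.

```javascript
// Added example, not from the thread: pick the domain controller for a password
// reset from the DC= components of the user's LDAP source DN. DOMAIN_CONTROLLERS
// and SAMPLE_SOURCES are constructed placeholders; the "ldap:" prefix is assumed.

// Lower-cased DNS domain (joined DC= values) -> controller the workflow should use.
// Port 3268 is the global catalog, as the accepted solution recommends.
const DOMAIN_CONTROLLERS = {
  "example.com": "rootdc.example.com:3268",
  "corp.example.com": "dc01.corp.example.com:3268",
  "emea.corp.example.com": "dc01.emea.corp.example.com:3268",
};

// Split a DN on unescaped commas and return its DC= values, in order, lower-cased.
// Escaped commas (e.g. "CN=Doe\, John") are kept inside their RDN value.
function dcComponentsFromDn(dn) {
  const rdns = [];
  let current = "";
  for (let i = 0; i < dn.length; i++) {
    const ch = dn[i];
    if (ch === "\\" && i + 1 < dn.length) { current += ch + dn[++i]; continue; }
    if (ch === ",") { rdns.push(current); current = ""; continue; }
    current += ch;
  }
  rdns.push(current);
  return rdns
    .map((r) => r.trim())
    .filter((r) => r.toLowerCase().startsWith("dc="))
    .map((r) => r.slice(3).trim().toLowerCase());
}

// Resolve the controller for a sys_user.source value. Returns null for a blank
// source (the case shadab_ali hit) or an unmapped domain so the workflow fails
// clearly; matching the whole domain keeps "example.com" from catching corp users.
function domainControllerForSource(source) {
  if (typeof source !== "string" || source.trim() === "") return null;
  const dcs = dcComponentsFromDn(source);
  if (dcs.length === 0) return null;
  const domain = dcs.join(".");
  return Object.prototype.hasOwnProperty.call(DOMAIN_CONTROLLERS, domain)
    ? DOMAIN_CONTROLLERS[domain]
    : null;
}

// Constructed sample source values in the assumed "ldap:<DN>" form.
const SAMPLE_SOURCES = [
  "ldap:CN=Doe\\, John,OU=Users,DC=corp,DC=example,DC=com",
  "ldap:CN=jsmith,OU=Sales,DC=emea,DC=corp,DC=example,DC=com",
  "ldap:CN=svc,OU=Apps,DC=other,DC=net",
  "",
];
```

In the workflow Run Script, a null result is the point to end with an error rather than fall through to a default controller, which is what produces the "Unable to retrieve user account lock state" message for a user whose source is blank.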