Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.

Issue in a Reset AD account Password

tbhavya
New Contributor
New Contributor

Hi Team,

We have a requirement like after reactivating/enable the AD account we need reset the password and that password will be sent via an email.

 we tried by adding "RESETPASSWORD":"YES" in EnableAccountJson .  Is the correct way to use for resetting the account password? 

tbhavya_1-1695974656500.png

Can you please help me with this?

15 REPLIES 15

SumathiSomala
All-Star
All-Star

@tbhavya I have worked on the similar use case,

EnableaccountJSON

{
"USEDNFROMACCOUNT": "NO",
"MOVEDN": "NO",
"AFTERMOVEACTIONS": {
"userAccountControl": "512"
},
"REMOVEGROUPS": "NO"

}

Create email template and attach it in Endpoint. A random password will be shared to user once the account is enabled.

Use below binding variable in your email template.

${task.password}

SumathiSomala_0-1695976099773.png

Let me know if it helps.

 

Regards,
Sumathi Somala
If this reply answered your question, please Accept As Solution and give Kudos.

Hi @SumathiSomala ,

Thanks for the information.
Actually, Initially we are sending the username and password once new account task is completed for that we are using ${task.password} the same to get the password. 
Can we use  ${task.password} for enable account password? After reactivating account ,password should be the new one ?

tbhavya_1-1695979256886.png

Is system remember the previous password? if it's true we need to reset it and sent to user after reactivating ?  Please let me know your thoughts that would be helpful.

 

Thanks.

 

 

 



Hi @tbhavya ,

While disabling the account I am passing the random password attribute.

{
"deleteAllGroups":"No",
"userAccountControl":"514",
"password": "${randomPassword}"
}

 

Once the account is enabled it will generate new password in Saviynt.

Just try for user by creating new account and disable it and then perform enable operation and check the passwords.

Regards,
Sumathi Somala
If this reply answered your question, please Accept As Solution and give Kudos.

tbhavya
New Contributor
New Contributor

Hi @SumathiSomala 

As you said, I have given following json's for AD connector

ENABLEACCOUNTJSON:

{
"USEDNFROMACCOUNT": "YES",
"MOVEDN": "NO",
"AFTERMOVEACTIONS": {
"userAccountControl": "512"
},
"REMOVEGROUPS": "NO"

}

DISABLEACCOUNTJSON :

{
"deleteAllGroups": "No",
"userAccountControl": "514",
"password": "${randomPassword}"
}

I have created a user ,for new account task we are getting the correct password.

Later I disable the account and enable it. After enabling have validated with new password which is sent via email, showing incorrect username and password.

I had tried with new account password again that is also not working.

Thanks,

@tbhavya 

Could you please try with the below JSON.

 

EnableAccountJSON:
 
  {
"USEDNFROMACCOUNT": "YES",
"MOVEDN": "NO",
"AFTERMOVEACTIONS": {
"userAccountControl": "512"
},
"REMOVEGROUPS": "NO",
"RESETPASSWORD": "YES"
 
}
Regards,
Sumathi Somala
If this reply answered your question, please Accept As Solution and give Kudos.

Hi @SumathiSomala ,

tbhavya_1-1696314189661.png

Yes I'm trying the same by adding "Resetpassword":"yes".  Getting the below error when we are trying to use/validating the enable account password.

tbhavya_0-1696314012755.png

Thanks,

@tbhavya give a try with below JSON

{
"USEDNFROMACCOUNT": "YES",
"MOVEDN": "NO",
"AFTERMOVEACTIONS": {
"userAccountControl": "512",
"userPassword":
"${randomPassword}",
"pwdLastSet": "0"
},
"REMOVEGROUPS": "NO"
}

Regards,
Sumathi Somala
If this reply answered your question, please Accept As Solution and give Kudos.

@tbhavya You can catch that ${randomPassword} as a variable in the email notification .

Regards,
Sumathi Somala
If this reply answered your question, please Accept As Solution and give Kudos.

Hi @SumathiSomala 

If I use random password variable in email notification, email itself is not triggered. Showing the below error .

tbhavya_0-1696322810640.png

 

 

@tbhavya Could you pls try with ${randompassword} or  ${task.password} 

SumathiSomala_0-1696323359658.png

 

Regards,
Sumathi Somala
If this reply answered your question, please Accept As Solution and give Kudos.

Hi @SumathiSomala 

Email is triggering fine now but still the same error

tbhavya_1-1696325925431.png

can we use change password in user update rule for that account? like below

tbhavya_2-1696326031336.png

 

@tbhavya Give a try and use ${account_password} variable in email

Regards,
Sumathi Somala
If this reply answered your question, please Accept As Solution and give Kudos.

Hi @tbhavya Is your issue resolved?

Regards,
Sumathi Somala
If this reply answered your question, please Accept As Solution and give Kudos.

tbhavya
New Contributor
New Contributor

Hi @SumathiSomala 

The issue got resolved and thank you for your help.

Bhavya.

SumathiSomala
All-Star
All-Star

@tbhavya thanks for the confirmation, could you please provide the resolution steps to resolve this issue. It would be help for someone who face the same issue in future.

Ex: EnableaccountJSON, binding variable used in email and user update rules if u used

Regards,
Sumathi Somala
If this reply answered your question, please Accept As Solution and give Kudos.