01-17-2023 02:21 AM
Hi Team,
I have configured the SETRANDOMPASSWORD= TRUE parameter in the AD connection. It is also sending a random password as per the password policy added in the connection. The account is created in AD correctly, but when logging in using another LDAP browser with the password set on account creation, login is not working.
Any idea why this is? It was working before but is failing now. No changes were made; it's completely the same setup.
01-17-2023 07:39 AM
What is your createAccountJSON?
01-17-2023 07:48 AM
Did you set reset password on first-time login?
01-17-2023 09:14 AM
@Ankyt19 ,
If you have configured the new accounts to change password on first login, then first time logging in from the LDAP Browser does not work.
Try logging through a remote session or some other means to validate.
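An added illustration of the reply above (not code from the thread or from Saviynt): Active Directory reports why it rejected an LDAP bind as a hexadecimal sub-code after `data` in the error text, and a stored `pwdLastSet` of 0 marks the account as "must change password at next logon". The sample error string, its DSID and version fields, and the attribute values are constructed.

```python
import re
from datetime import datetime, timedelta, timezone

# Sub-codes AD appends after "data" when it rejects a bind (LDAP result 49).
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "wrong user name or password",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must change password before logging on",
    "775": "account locked out",
}
UF_DONT_EXPIRE_PASSWD = 0x10000  # userAccountControl bit
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

def bind_subcode(diagnostic):
    """Return the lower-cased hex sub-code from an AD bind error, or None."""
    match = re.search(r"\bdata\s+([0-9a-fA-F]+)\b", diagnostic)
    return match.group(1).lower() if match else None

def explain_bind_failure(diagnostic):
    """Translate the sub-code in an AD bind error into a readable reason."""
    code = bind_subcode(diagnostic)
    if code is None:
        return "no AD sub-code present"
    return AD_BIND_SUBCODES.get(code, "unrecognised sub-code " + code)

def must_change_password(pwd_last_set, user_account_control):
    """Stored pwdLastSet of 0 forces a change unless the password never expires."""
    if int(user_account_control) & UF_DONT_EXPIRE_PASSWD:
        return False
    return int(pwd_last_set) == 0

def filetime_to_utc(value):
    """Convert a FILETIME (100 ns ticks since 1601-01-01 UTC) to a datetime."""
    return FILETIME_EPOCH + timedelta(microseconds=int(value) // 10)

if __name__ == "__main__":
    # Constructed sample: error text from a failed bind and account attributes.
    sample_error = ("80090308: LdapErr: DSID-00000000, comment: "
                    "AcceptSecurityContext error, data 773, v0000")
    print(explain_bind_failure(sample_error))
    print(must_change_password("0", 512))          # 512 = normal account
    print(filetime_to_utc("133190000000000000"))   # constructed stored pwdLastSet
```

Writing `-1` to `pwdLastSet` makes AD stamp the current time, so the value read back is a FILETIME like the last sample rather than `-1`.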
01-18-2023 10:46 AM
It is unchecked. Still not working.
01-18-2023 10:55 AM
Share JSON
01-23-2023 01:43 AM
01-23-2023 04:23 AM
Yes
01-24-2023 02:49 AM
@rushikeshvartak please find the CREATE ACCOUNT JSON below:
{
"co":"${if(null!=user.customproperty24){user.customproperty24}else{''}}",
"employeeNumber":"${if(null!=user.username && user.employeeType.equals('Internal Employee')){user.username}else{''}}",
"employeeID":"${if(null!=user.username && user.employeeType.equals('Internal Employee')){user.username}else{''}}",
"department":"${if(null!=user.customproperty33){user.customproperty33}else{''}}",
"employeeType":"${if(null!=user.employeeType){user.employeeType}else{''}}",
"givenName":"${if(null!=user.customproperty41){user.customproperty41}else{''}}",
"ExtensionAttribute7":"${user.username}",
"sAMAccountName":"${if(user.employeeType.equals('Internal Employee')&& null!=user.employeeid){user.employeeid}else{'A_'+user.systemUserName}}",
"sn":"${if(null!=user.customproperty42){user.customproperty42}else{''}}",
"title":"${if(null!=user.jobcodedesc){user.jobcodedesc}else{''}}",
"userPrincipalName":"${user.customproperty44+'@ABC.com'}",
"physicalDeliveryOfficeName":"${if(user.employeeType.equals('Managed Contractor')){user.city} else{''}}",
"company":"${if(null!=user.customproperty54){user.customproperty54}else{''}}",
"manager":"${managerAccount==null?'':managerAccount.accountID}",
"streetAddress":"${if(null!=user.street){user.street}else{''}}",
"comment":"${if(null!=user.comments){user.comments}else{''}}",
"objectClass": ["top","person","organizationalPerson","user"],
"accountExpires": "${if(user.employeeType.equals('Managed Contractor')) {Long.toString(10000*(user.enddate.getTime() + 11644473600000+122400000))} else{'0'}}",
"description":"User Created via Saviynt",
"pwdLastSet":"-1"
}
01-24-2023 01:04 PM
I see you are resetting password once it's set pwdLastSet
01-25-2023 05:34 AM
Try the JSON below:
{
"co":"${if(null!=user.customproperty24){user.customproperty24}else{''}}",
"employeeNumber":"${if(null!=user.username && user.employeeType.equals('Internal Employee')){user.username}else{''}}",
"employeeID":"${if(null!=user.username && user.employeeType.equals('Internal Employee')){user.username}else{''}}",
"department":"${if(null!=user.customproperty33){user.customproperty33}else{''}}",
"employeeType":"${if(null!=user.employeeType){user.employeeType}else{''}}",
"givenName":"${if(null!=user.customproperty41){user.customproperty41}else{''}}",
"ExtensionAttribute7":"${user.username}",
"sAMAccountName":"${if(user.employeeType.equals('Internal Employee')&& null!=user.employeeid){user.employeeid}else{'A_'+user.systemUserName}}",
"sn":"${if(null!=user.customproperty42){user.customproperty42}else{''}}",
"title":"${if(null!=user.jobcodedesc){user.jobcodedesc}else{''}}",
"userPrincipalName":"${user.customproperty44+'@ABC.com'}",
"physicalDeliveryOfficeName":"${if(user.employeeType.equals('Managed Contractor')){user.city} else{''}}",
"company":"${if(null!=user.customproperty54){user.customproperty54}else{''}}",
"manager":"${managerAccount==null?'':managerAccount.accountID}",
"streetAddress":"${if(null!=user.street){user.street}else{''}}",
"comment":"${if(null!=user.comments){user.comments}else{''}}",
"objectClass": ["top","person","organizationalPerson","user"],
"accountExpires": "${if(user.employeeType.equals('Managed Contractor')) {Long.toString(10000*(user.enddate.getTime() + 11644473600000+122400000))} else{'0'}}",
"description":"User Created via Saviynt",
"pwdLastSet":"0",
"userPassword": " ${randomPassword}"
}
01-24-2023 10:51 PM
Hi @rushikeshvartak ,
1. Can I understand how you got to that conclusion? Is it because we're sending pwdLastSet = -1?
FYI, we've also tried pwdLastSet = 0 and also removing this attribute entirely. But we're still facing the same issue.
2. Let me explain the issue completely.
We're creating AD account --> Exchange account --> And other applications & License assignments. We're trying to send the pwd after all the user onboarding is completed via email at end point level with task.password using change password action type. We're able to receive new password but not able to login to 'office.com'.
In order to validate, we tried logging in to 'office.com' using the initial password (i.e., the pwd generated at the time of AD account creation) and we're able to log in to 'office.com'. But we're not able to log in with the new pwd after doing the change password action.
01-25-2023 04:49 AM
It clearly says change password is not working. Do you see any logs?
How do you trigger change password?
01-29-2023 10:04 PM
We're triggering change password via a User update rule.
And for logs, we don't see any error.
01-30-2023 03:00 AM
Please share logs