Saviynt Forums

TAR · ‎06/06/2023

We are trying to configure the Change password json for AD password change, the requirement is when a user do a password reset, we have to update that password and also set PwdLastSet to -1 (Not set the change password at next logon) but if other user is setting the password for a different user, we have to update the password and set pwdLastSet should be set to 0 (set the change password at next logon), We are using the below json but it is not working

{

"RESET": {

"UnicodePwd": "${task.password}",

"pwdLastSet": "${(task.requestedBy == user?.id) ? '-1': '0'}"

}

prashantChauhan · ‎06/09/2023

Hi @TAR

Can you please attach the debug logs that you get while processing the task? Is the task failing?

prashantChauhan · ‎06/09/2023

Also, please try a format like below-

{
"RESET": {
"pwdLastSet": "if(task.source == null || ( task.source.equals(\"changeOwnPasswordFromUI\") || task.source.equals(\"forgotPassword\") || (\"dll_by_user\").equalsIgnoreCase(task.source))){return -1}else{return 0}"
},
"CHANGE": {
"pwdLastSet": "-1",
"lockoutTime": 0,
"title": "password changed"
}
}

vivekmohanty_pm · ‎06/12/2023

@TAR

{
  "RESET": {//if some other user changes the password this block is executed
    "pwdLastSet": "0" 
    //add other logics
  },
  "CHANGE": { // if a user changes its own password then this block is executed
    "pwdLastSet": "-1" 
    //add other logics
  }
}

Saviynt Forums

Set up pwdLastSet in Change Password JSON in AD