10-27-2022 05:17 PM
I am trying to create a service account in AD with SetRandompassword set to FALSE. The task is failing with LDAP error code 53-SVCErr: DSID-031A126A, problem 5003.
In the createaccountjson I am passing the userPassword using the dynamic attribute where the user can enter the password (as per password policy). The requirement is to not use randompassword.
Please let me know if anyone has faced this issue.
10-27-2022 09:18 PM
Is it following the policy of AD? Please share the JSON.
10-27-2022 09:38 PM - edited 10-27-2022 09:40 PM
Unable to copy the json here. But I am using "userPassword": ${password} (password is dynamic attribute) and all other mappings are as per connector guide.
The same json works if setrandompassword is set to TRUE. The account gets created in AD.
And I can see the userPassword attribute value in AD set to the password entered in the ARS form. But when I bind using that password in AD, it fails. So is it possible that AD is not using the userPassword attribute and is storing the randomly generated password internally?
10-27-2022 09:47 PM
Try "UnicodePwd": ${password} instead of "userPassword": ${password}
10-28-2022 08:14 AM
@avinashchhetri @rushikeshvartak - Thank you. I am able to create account with "UnicodePwd".
However, when I am using the same in RESETANDCHANGEPASSWORDJSON, it is not working.
Meaning, when I change password using Change Password for Service Account Tile, the task gets completed but the new pwd is not working in AD. I only see pwdlastset as 0 in AD and whenchanged attribute updated to task completion timestamp.
I am using below:
{
"RESET":{
"pwdLastSet":"0",
"title":"password reset"},
"CHANGE":{
"UnicodePwd": {task.password},
"pwdLastSet":"-1",
"title":"password changed"}
}
10-28-2022 08:24 AM
You need not set the UnicodePwd parameter in the RESETANDCHANGEPASSWORDJSON.
This functionality will trigger when you either reset the password on behalf of others or change it for yourself; in both cases you provide the password explicitly. The internal logic picks it from the task table and sends it across to the target instance.
10-28-2022 11:29 AM
{"RESET": {"pwdLastSet": "0","title": "password reset"},"CHANGE": {"pwdLastSet": "-1","lockoutTime": 0,"title": "password changed"}}
10-27-2022 09:57 PM
{
"cn" : "${cn}",
"givenName" : "${user.firstname}",
"objectclass" : [
"top",
"person",
"organizationalPerson",
"user"
],
"pwdLastSet" : "0",
"samaccountname" : "${samaccountname}",
"sn" : "${user.lastname}",
"unicodepwd" : "SaviyntForum@123qazxswedc",
"userPrincipalName" : "${userPrincipalName}",
"extensionAttribute1":"To be Deleted"
}
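An added example, not part of the original posts and not Saviynt code: a small lint for create-account attribute maps like the ones in this thread. It flags `userPassword` (with default dSHeuristics, AD DS stores it as an ordinary readable attribute and does not use it for logon), a literal password in the template, and `pwdLastSet` of `0` on a service account. `encode_unicode_pwd` shows the value a client writing `unicodePwd` over LDAP directly must send, which AD accepts only on an encrypted connection. The finding codes, function names and sample templates are constructed for illustration.

```python
import json
import re

BINDING = re.compile(r"\$\{[^}]+\}")  # connector-style ${...} placeholder

def encode_unicode_pwd(password):
    """Bytes AD expects when unicodePwd is written over LDAP: the password
    wrapped in double quotes and encoded as UTF-16LE."""
    return ('"' + password + '"').encode("utf-16-le")

def lint_create_json(text, service_account=True):
    """Return a sorted list of finding codes for a create-account attribute map."""
    # AD attribute names are case-insensitive, so compare in lower case.
    attrs = {k.lower(): v for k, v in json.loads(text).items()}
    findings = set()
    if "userpassword" in attrs:
        # With default dSHeuristics, AD DS keeps userPassword as an ordinary
        # attribute: readable in the directory, not the logon password.
        findings.add("USERPASSWORD_NOT_A_CREDENTIAL")
    pwd = attrs.get("unicodepwd")
    if pwd is None:
        findings.add("NO_UNICODEPWD")
    elif not BINDING.search(str(pwd)):
        # Hypothetical rule: a value with no ${...} binding is a hard-coded secret.
        findings.add("LITERAL_PASSWORD_IN_TEMPLATE")
    if service_account and str(attrs.get("pwdlastset", "")) == "0":
        # 0 marks the password expired (change at next logon); -1 stamps "now".
        findings.add("PWDLASTSET_FORCES_CHANGE")
    return sorted(findings)

# Constructed templates modelled on the ones posted in this thread.
WITH_USERPASSWORD = '{"cn": "${cn}", "userPassword": "${password}", "pwdLastSet": "0"}'
WITH_LITERAL = '{"cn": "${cn}", "unicodepwd": "Constructed-Example-1!", "pwdLastSet": "0"}'
WITH_BINDING = '{"cn": "${cn}", "UnicodePwd": "${password}", "pwdLastSet": "-1"}'

if __name__ == "__main__":
    for name, tpl in [("userPassword", WITH_USERPASSWORD),
                      ("literal", WITH_LITERAL), ("binding", WITH_BINDING)]:
        print(name, lint_create_json(tpl))
    print(encode_unicode_pwd("Ab1!").hex())
```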
10-28-2022 12:35 PM
It works only if I pass "pwdLastSet":"-1" for RESET. The CHANGE parameter does not make any update. It just resets the lastpwdset to 0 even if I pass it as -1.
Note that it is for Service Account.
{
"RESET":{
"pwdLastSet":"-1",
"title":"password reset"}
}
10-28-2022 01:11 PM - edited 10-28-2022 01:13 PM
How are you resetting the password for the service account? From the UI or the API?
Also it would make sense to start a new thread for this question as your original question seems to now have been answered.
10-28-2022 03:33 PM
I am resetting the password from UI. I will start a new thread if needed.
01-13-2023 06:53 AM
Did you ever get a resolution for this? I am having a similar problem.
01-13-2023 08:16 AM
Which json are you referring to?
For RESETANDCHANGEPASSWORDJSON, I used
{
"RESET":{
"pwdLastSet":"-1"
}
}
For Createaccountjson, it worked if I set these 2 parameters while creating the account.
"accountExpires":"${if(ServiceAccountOwnerMap.ServiceAccountType.equals('Service Account')) {} else {0}}",
"pwdLastSet":"${if(ServiceAccountOwnerMap.ServiceAccountType.equals('Service Account')) {-1} else {0}}"
01-13-2023 08:22 AM
The CHANGE parameter in the RESETANDCHANGEPASSWORDJSON. Were you able to get that working?
01-15-2023 02:23 PM
You don't need the CHANGE parameter. The RESET parameter alone does the job.