Password Self-Service Properties

Previously, Password Self-Service: Rich/HTML Enrollment Notifications?, an adm attribute was listed to report if a user was enrolled into self service.

I tested the attribute with a business unit, but results didn't return as expected.

Is this method still supported?

by (1.2k points)

1 Answer

by (216k points)
Best answer
0 votes

Hello,

The adm-PassswordSelfServiceEnrollmentPolicyDN attribute mentioned in that post is still available and supported, however you cannot use it for building Business Units. The thing is that Adaxes virtual attributes (all attributes with the adm- prefix) cannot participate in LDAP queries. Including Adaxes virtual attributes in LDAP searches would have a tremendous adverse effect on the overall performance.

As a workaround, we can suggest a Scheduled Task that would run a several times a day and copy the Password-Self Service Policy DN into a certain actual AD attribute that can participate in LDAP searches and that you don't use. For example, you can use such an attribute as Division. Then, you can use the attribute for building your Business Unit.

For example, here's a Scheduled Task that copies the Policy DN to the Division attribute:

In this case, a Membership Rule for a Business Unit containing all users enrolled for Password Self-Service will be as follows:

Related questions

No 'Confirm Password' box in Self-Service after 2025.1 upgrade (myaccount/web)

We recently upgraded to 2025.1 and noticed (see screenshot) that there is no confirm password box for self-service password reset now. I cannot find in web config or ... password, and since there is no Confirm Box; they are setting an incorrect new password.

asked Oct 8 by stevemkoenig (20 points)
0 votes
1 answer
Is it possible to have users enter an external "recovery email address" during self service password portal enrollment?

The mail attribute pulls from their Active Directory email attribute which for most of our users is their internal email address. They would not be able to ... ourselves and the users could just provide their external email address during portal enrollment.

asked Sep 22 by jturgeon (20 points)
0 votes
1 answer
Populate a User Attribute with Yes/No if enrolled in Password Self-Service

I see the script for generating a report of users enrolled, but what I'd like to do is run a script that can populate a user attribute with Yes/No or True/False if they are or are not enrolled. Is there an existing script that accomplishes this? Thanks

asked Nov 19, 2024 by msheppard (880 points)
0 votes
1 answer
We need to know specifically for self service password management what level of access in AD do I specifically need.

We need to know specifically for self service password management what level of access in AD do I specifically need.

asked May 9, 2024 by justinspring (20 points)
0 votes
1 answer
The password self service at windows login works on windows 10 but not windows 11.

We have followed your instructions to set up the password self service and we got it to work on windows 10 but the link does not show up on windows 11. is there something we can do to get the link to show up?

asked May 1, 2024 by rechevarria (40 points)
0 votes
0 answers