Adaxes

Password Self-Service Properties

0 votes

Previously, Password Self-Service: Rich/HTML Enrollment Notifications?, an adm attribute was listed to report if a user was enrolled into self service.

I tested the attribute with a business unit, but results didn't return as expected.

Is this method still supported?

by (1.2k points)

1 Answer

0 votes
by (216k points)
selected by
Best answer

Hello,

The adm-PassswordSelfServiceEnrollmentPolicyDN attribute mentioned in that post is still available and supported, however you cannot use it for building Business Units. The thing is that Adaxes virtual attributes (all attributes with the adm- prefix) cannot participate in LDAP queries. Including Adaxes virtual attributes in LDAP searches would have a tremendous adverse effect on the overall performance.

As a workaround, we can suggest a Scheduled Task that would run a several times a day and copy the Password-Self Service Policy DN into a certain actual AD attribute that can participate in LDAP searches and that you don't use. For example, you can use such an attribute as Division. Then, you can use the attribute for building your Business Unit.

For example, here's a Scheduled Task that copies the Policy DN to the Division attribute:

In this case, a Membership Rule for a Business Unit containing all users enrolled for Password Self-Service will be as follows:

Related questions

0 votes
0 answers
The password self service at windows login works on windows 10 but not windows 11.

We have followed your instructions to set up the password self service and we got it to work on windows 10 but the link does not show up on windows 11. is there something we can do to get the link to show up?

asked 1 day ago by rechevarria (20 points)
0 votes
1 answer
Limit Self Service Password Reset to a Single Managed Domain

We have two on-prem domains; Domain A and Domain B. Domain A is our primary domain and syncs with Azure AD. Domain B contains accounts created for external ... user attempts to authenticate, they are only authenticating against the Domain B on-prem domain?

asked Apr 10 by awooten (60 points)
0 votes
1 answer
How to restrict users from resetting their password but only provide ability to change their password in self-service

Would like to know if we can remove the forget password link on Self-service login page or remove the ability for users to reset their password. We only want users to ... be able to change their password but not reset their password if they have forgotten it.

asked Mar 29, 2023 by Vish539 (310 points)
0 votes
0 answers
Password Self Service Autoenrollment script is non-functional and manual enrollment does not work as well.

Whether I try to run a script or manually run the commands to enroll users, users remain unenrolled. Example of a basic script: Import-Module ... ` -QuestionsAndAnswers @{$question1=$answer1;$question2=$answer2} -AdaxesService localhost Adaxes version 2021

asked Mar 27, 2023 by gwadmin (80 points)
0 votes
1 answer
Users using Forget password link in self service portal are prompted to change password again

We have implentend Adaxes in our infrastructure and users who use forget their password link via Adaxes self service portal by going thorugh the registered Q&A are being prompted to ... by a specific business rule, I am unable to check this via the log

asked Mar 14, 2023 by Vish539 (310 points)
3,358 questions
3,057 answers
7,802 comments
545,175 users