0 votes

Hello,

I'd like setup a new custom command on the Administrator dashboard that would run the following tasks against a disabled user account simultaneously.

  • Enable their account if its disabled
  • Set a new secure password
  • Modify their user user account so that they are forced to change their password at next login
  • Email the affected user with their new temporary password

I've tried setting up the following custom command but the password value is returning null in the email when using the %unicodePwd% value. Is there a workaround for this?

image.png

by (400 points)

1 Answer

0 votes
by (223k points)

Hello,

The %unicodePwd% value reference resolves into a user password only in Business Rules triggering Before/After creating a user, resetting/changing/self-resetting password of a user. In all other cases, the value reference will resolve into an empty value.

To achieve the desired, you can use a value reference based template in the Reset password for the user action (e.g. TempPwd-%firstname,3%%lastname,3%) image.png and use the very same template in the Send email notification action. image.png

0

Thanks for the reply. I tried this out and it seems like the password that generated are too insecure too meet our compliance requirements. For instance, using the template you provided above would result in the password for a user named 'John Doe' to be -

'TempPwd-JohDoe'

How would I go about setting more secure passwords? Is there a better way I should be going about this process?

You mentioned that this value is captured in the resetting/changing/self-resetting password of a user business rule. Would it be possible to modify that business rule to also send an email and re-enable the account if disabled?

+1

Hi sirslimjim,

We are doing similar and use the %adm-RandomString,12% for this purpose. Within a custom command, each time you reference the %adm-RandomString,12% after it is first generated it will be the same.

So if you reset the users password to %adm-RandomString,12% and then send them an email containing %adm-RandomString,12% it will be the same.

Hope this helps,

More info about the string can be found here: http://www.adaxes.com/help/ValueReferences.CalculatedProperties.html

0

Hello,

The approach described by Anton should work just fine. Additionally, you can add special characters to the template (e.g. %adm-RandomString,12%/!&) for the passwords to meet complexity requirements.

If this approach still does not meet your needs, you can move the Send email notification action to a Business Rule triggering After resetting password of a user. As a result, you will be able to use the Generate random complex password option in the Reset user password action of the Custom Command and use the %unicodePwd% value reference to send newly set passwords to users. Enabling the user can remain in the Custom Command, but if you want, it can be done in the Business Rule. Finally, you should have the following:

Custom Command image.png Business Rule image.png

Related questions

0 votes
1 answer

Is there a way to get the name of the user who approved a request and supply that to a step inside of a custom command? For example, HR submits a status change for an employee. ... and pass it as a param in a custom command that is called in one of the steps?

asked May 12, 2021 by davfount90 (20 points)
0 votes
1 answer

Hi, I followed this example: https://www.adaxes.com/sdk/IAdmTop6.html, but because the Custom Command is disabled, I get the following error message: System.Management.Automation ... if I enable the Custom Command. I am using Adaxes 2018.2 Best Regards Martin

asked Feb 19, 2020 by Martin (50 points)
0 votes
1 answer

Hello, Is it possible to execute a custom command after creating a user, with the intention to prompt the end user for more information? For example we have a User ... would then prompt for a 'Country' to be specified from a param dropdown list. Thanks

asked Mar 10 by bavery (250 points)
0 votes
1 answer

Hello, we cannot delete users with adminCount=1 with the buildin action "Delete the user" because of missing (adminSDHolder)permission to delete users as ... $identity = "%distinguishedName%" Remove-AdmUser -Identity $identity -Confirm:$False regards Helmut

asked Nov 17, 2020 by a423385 (510 points)
0 votes
0 answers

Trying to configure a custom launcher in Thycotic Secret Server that will launch Adaxes on the user's local machine with the username and password passed as parameters. Has anyone made this work?

asked May 20 by amillard (20 points)
2,761 questions
2,494 answers
6,537 comments
1,482,472 users