
Custom workflow - email user random generated password

Hello guys,

I have just recently installed One Identity Password Manager version 5.7.0.1525 in our test environment. We see that the existing workflows cannot apply to our situation, and we need to create a new, simple custom workflow. We are looking for a self-service portal for our users where they can simply reset their password.

The workflow should consist of a user searching for his AD user and then choosing the custom workflow "Password email reset"; a randomly generated password is set on the user account in AD (in addition, "user must change password at next logon" is checked), and an email is sent to the user with the password.

The best would be to email the user a link which he then accesses to set a new password, the way Facebook, Gmail, etc. do it. Is this possible? :)

Best regards

Bilal
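The workflow asked for above, as an added example that is not part of the original post and does not use the Password Manager scripting API: a standalone PowerShell function built on the RSAT ActiveDirectory module and Send-MailMessage. The function names, the SMTP relay, the sender address and the target account are assumptions for illustration. It draws the password from the OS CSPRNG rather than Get-Random, resets it with -Reset, forces a change at next logon, and refuses to run on accounts where that flag cannot take effect.

```powershell
# Added example (not from the original post, not Password Manager code):
# the requested workflow implemented with the RSAT ActiveDirectory module.
# Assumed: RSAT installed, caller holds the "Reset password" right on the
# target OU, an SMTP relay reachable at $SmtpServer. Names are illustrative.
Import-Module ActiveDirectory

function New-RandomPassword {
    param([int]$Length = 16)
    # Credential material comes from the OS CSPRNG, never from Get-Random.
    # Ambiguous glyphs (I, l, O, 0, 1) are left out so the value survives being typed.
    $alphabet = [char[]]'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghjkmnpqrstuvwxyz23456789!#%&*+-=?@'
    $rng   = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $bytes = New-Object byte[] ($Length * 4)
    $rng.GetBytes($bytes)
    $chars = for ($i = 0; $i -lt $Length; $i++) {
        # 32 random bits per character; with a 65-symbol alphabet the modulo
        # bias is about 2^-26 and irrelevant here.
        $n = [BitConverter]::ToUInt32($bytes, $i * 4)
        $alphabet[[int]($n % $alphabet.Length)]
    }
    -join $chars
}

function Reset-UserPasswordByEmail {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$SamAccountName,
        [Parameter(Mandatory)][string]$SmtpServer,
        [Parameter(Mandatory)][string]$From
    )
    $user = Get-ADUser -Identity $SamAccountName -Properties mail, PasswordNeverExpires
    if ([string]::IsNullOrWhiteSpace($user.mail)) {
        throw "Account $SamAccountName has no mail attribute; refusing to reset."
    }
    if ($user.PasswordNeverExpires) {
        # ChangePasswordAtLogon cannot be set on such accounts, so the emailed
        # password would stay valid indefinitely. Stop rather than do that.
        throw "Account $SamAccountName has PasswordNeverExpires set; clear it first."
    }

    $plain  = New-RandomPassword -Length 16
    $secure = ConvertTo-SecureString -String $plain -AsPlainText -Force

    # -Reset writes a new password without knowing the old one (needs the
    # Reset password right); forcing a change at next logon makes the emailed
    # value usable once only.
    Set-ADAccountPassword -Identity $user -Reset -NewPassword $secure
    Set-ADUser -Identity $user -ChangePasswordAtLogon $true

    Send-MailMessage -SmtpServer $SmtpServer -From $From -To $user.mail `
        -Subject 'Your temporary password' `
        -Body "Your temporary password is: $plain`r`nYou must choose a new one when you next log on."

    # Record the event, never the password itself.
    Write-Verbose "Password reset and notification sent for $SamAccountName"
}

# Usage (assumed names):
# Reset-UserPasswordByEmail -SamAccountName 'testuser' -SmtpServer 'smtp.my.domain.com' -From 'helpdesk@my.domain.com' -Verbose
```

Two caveats a reviewer would raise: the emailed value is a working credential until the first logon, so a time-limited passcode that only unlocks a reset page (the direction the rest of this thread takes) exposes less if someone else can read the mailbox; and Set-ADUser will not set -ChangePasswordAtLogon to $true on an account that has PasswordNeverExpires set, which is why the function checks that property before touching the password.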

  • Thank you for the help. However, I have tried to hard-code both $domain and $user as it is defined in
    $user = $global.GetUserByName($connection, $userName, [string[]]("objectGUID", "mail"))

    However, I have been trying to find out what the in-process variables are for the "logged in user", for instance domain, user name, mail, etc. I am just trying to make this code work so that I have a proof-of-concept with Dell One Password Manager. :)

    I appreciate your help so far.

    Here is my code so far:

    ---
    #Passcode length
    $PASSCODE_LENGTH = 12

    #Passcode lifetime in minutes
    $PASSCODE_LIFETIME = 1440 #(1 day)

    #Uncomment these lines to send e-mail to a user, if he has e-mail address
    #Variable $PASSCODE will contain user's passcode, all other variables are available too
    $EMAIL_SUBJECT = 'Passcode'
    $EMAIL_BODY = 'Your passcode is $PASSCODE'

    $domain = 'my.domain.com'
    $userName = 'testuser'   #hard-coded user name for the proof-of-concept

    #Obtain Password Manager connection to the specified domain
    $connection = $global.GetDirectoryConnectionByName($domain)

    #If there is none, throw an exception
    if ("$connection" -eq "") {
        throw "Connection to domain $domain not found in Password Manager!"
    }

    #Look up the user with the objectGUID and mail attributes (the line quoted above)
    $user = $global.GetUserByName($connection, $userName, [string[]]("objectGUID", "mail"))

    #Obtain user's GUID
    $userId = $user.objectGUID

    #Generate a passcode for a user
    $PASSCODE = $global.GeneratePasscode($PASSCODE_LENGTH)

    #Assign passcode to a user
    $global.QAProfileAssignPasscode($connection, $userId, $PASSCODE, $PASSCODE_LIFETIME)

    if ($EMAIL_SUBJECT -ne "" -and $EMAIL_BODY -ne "")
    {
        #Send e-mail with passcode, if user has an e-mail address
        if ($user.mail -ne "")
        {
            $subject = $ExecutionContext.InvokeCommand.ExpandString($EMAIL_SUBJECT)
            $body = $ExecutionContext.InvokeCommand.ExpandString($EMAIL_BODY)
            #The passcode goes to the user only; do not write $PASSCODE to the log
            $global.EmailUserHtml($user.mail, $subject, $body)
        }
        else
        {
            $global.Log("User account has no mail, will not send e-mail with passcode")
        }
    }
    ---
    Kind regards
    Bilal

  • This script sample should be useful:

    function PostExecuting($workflow, $activity)
    {
        if ($activity.State.IsSuccess)
        {
            #gets the User from the Workflow context
            $PMUser = $workflow.Userinfo
            $PMUser | out-file c:\temp\scriptLogging.txt -append

            #gets the GUID of the User
            $UserGUID = $PMUser.id
            $UserGUID | out-file c:\temp\scriptLogging.txt -append
        }
        else
        {
            #activity did not succeed: nothing to do here
        }
    }
  • Hi Terrence,

    Thanks a lot for your time and help. I have managed to do a lot after your last post. I managed to retrieve the user information and domain. The passcode is being generated and sent to the email and logging is working. I have been debugging a lot to make it work.

    The only thing that is still not working is that the generated passcode is not assigned to the user account. The following line does not seem to work:

    $global.QAProfileAssignPasscode($connection, $userId, $PASSCODE, $PASSCODE_LIFETIME)
    # Log to see if the passcode is set on the user
    "After the passcode is set:" | out-file d:\temp\scriptLogging.txt -append
    $PMUser | out-file d:\temp\scriptLogging.txt -append

    I also log to see if the passcode is set on the user, as you can see above. The result is:

    HasPasscode : False

    So my conclusion so far is that the "$global.QAProfileAssignPasscode" does not set the passcode on the user.

    What could be the reason for the passcode not being set? The passcode is being generated and sent to the user's mail, and I have managed to print it out in the log. So that is not the issue.

    Kind regards
    Bilal
  • This sounds like great progress.

    Without seeing your code, I would try to output the values of the following at runtime to a file to see what they contain:

    $global
    $connection
    $userId
    $PASSCODE
    $PASSCODE_LIFETIME
  • Yeah, that's what I did.

    Everything gets printed out and looks correct, except "$global".
    The result is: QPM.Service.PowerShell.Global

    Which does not look right?

    Kind regards
    Bilal
  • That result for the output of $global is fine, because it is a PowerShell object.

    Pipe it to get-member so that you can see the attributes and methods that it contains.

    It may also accept the -Passthru parameter, so that you can see if it is encountering an error at runtime.
  • Yeah, that worked. But how do I troubleshoot?

    The result is:


    Name                                MemberType Definition
    ----                                ---------- ----------
    AddFailedAuthAttempt                Method     void AddFailedAuthAttempt(QPM.Common.Connections.DirectoryInfo directo...
    AddHistoryRecord                    Method     void AddHistoryRecord(string message)
    AuthenticateWithPasscode            Method     bool AuthenticateWithPasscode(QPM.Common.Connections.DirectoryInfo dir...
    ClearFailedAuthAttempts             Method     void ClearFailedAuthAttempts(QPM.Common.Connections.DirectoryInfo dire...
    CreateDirectoryConnection           Method     QPM.Common.Connections.DirectoryInfo CreateDirectoryConnection(string ...
    EmailUser                           Method     void EmailUser(string recipientAddress, string subject, string body)
    EmailUserHtml                       Method     void EmailUserHtml(string recipientAddress, string subject, string body)
    Equals                              Method     bool Equals(System.Object obj)
    GenerateLocalPasswordResetResponse  Method     string GenerateLocalPasswordResetResponse(QPM.Common.Connections.Direc...
    GeneratePasscode                    Method     string GeneratePasscode(int length)
    GeneratePassword                    Method     string GeneratePassword(QPM.Common.Connections.DirectoryInfo directory...
    GetConnections                      Method     System.Collections.Generic.IEnumerable[QPM.Common.Connections.Connecti...
    GetCurrentHost                      Method     QPM.Common.InfoClasses.HostSettingsInfo GetCurrentHost()
    GetDirectoryConnection              Method     QPM.Common.Connections.DirectoryInfo GetDirectoryConnection(string con...
    GetDirectoryConnectionByName        Method     QPM.Common.Connections.DirectoryInfo GetDirectoryConnectionByName(stri...
    GetDirectoryConnections             Method     QPM.Common.Connections.DirectoryInfo[] GetDirectoryConnections(System....
    GetFailedAuthAttempts               Method     System.Collections.Generic.List[QPM.Service.Storages.Helpers.AuthAttem...
    GetHashCode                         Method     int GetHashCode()
    GetQAPolicies                       Method     QPM.Common.QAPoliciesInfo GetQAPolicies(string configurationSetId)
    GetStorageContainerAttributeName    Method     string GetStorageContainerAttributeName()
    GetType                             Method     type GetType()
    GetUserByAttribute                  Method     string GetUserByAttribute(QPM.Common.Connections.DirectoryInfo directo...
    GetUserById                         Method     string GetUserById(QPM.Common.Connections.DirectoryInfo directoryInfo,...
    GetUserByName                       Method     string GetUserByName(QPM.Common.Connections.DirectoryInfo directoryInf...
    GetUserConfigurationSetId           Method     string GetUserConfigurationSetId(QPM.Common.Connections.DirectoryInfo ...
    LdapEscape                          Method     string LdapEscape(string str)
    LdapFindAll                         Method     string[] LdapFindAll(QPM.Common.Connections.DirectoryInfo directoryInf...
    LdapFindOne                         Method     string LdapFindOne(QPM.Common.Connections.DirectoryInfo directoryInfo,...
    Localize                            Method     QPM.Common.LocalizedItem Localize(string resourceId), QPM.Common.Local...
    Log                                 Method     void Log(string message)
    LogError                            Method     void LogError(string message)
    LogEvent                            Method     void LogEvent(string message)
    LogEventError                       Method     void LogEventError(string message)
    LogEventWarning                     Method     void LogEventWarning(string message)
    LogWarning                          Method     void LogWarning(string message)
    QAProfileAssignPasscode             Method     void QAProfileAssignPasscode(QPM.Common.Connections.DirectoryInfo dire...
    QAProfileAuthenticate               Method     System.Collections.Generic.List[string] QAProfileAuthenticate(QPM.Comm...
    QAProfileClearForceEnrollStartDate  Method     void QAProfileClearForceEnrollStartDate(QPM.Common.Connections.Directo...
    QAProfileLock                       Method     void QAProfileLock(QPM.Common.Connections.DirectoryInfo directoryInfo,...
    QAProfileRead                       Method     QPM.Common.QAProfileInfo QAProfileRead(QPM.Common.Connections.Director...
    QAProfileSetForceEnrollStartDate    Method     void QAProfileSetForceEnrollStartDate(QPM.Common.Connections.Directory...
    QAProfileUnlock                     Method     void QAProfileUnlock(QPM.Common.Connections.DirectoryInfo directoryInf...
    QAProfileUpdate                     Method     void QAProfileUpdate(QPM.Common.Connections.DirectoryInfo directoryInf...
    SearchUser                          Method     string[] SearchUser(QPM.Common.Connections.DirectoryInfo directoryInfo...
    ToString                            Method     string ToString()
    UserChangePassword                  Method     void UserChangePassword(QPM.Common.Connections.DirectoryInfo directory...
    UserEnableAccount                   Method     void UserEnableAccount(QPM.Common.Connections.DirectoryInfo directoryI...
    UserResetPassword                   Method     void UserResetPassword(QPM.Common.Connections.DirectoryInfo directoryI...
    UserSetChangePasswordAtNextLogon    Method     void UserSetChangePasswordAtNextLogon(QPM.Common.Connections.Directory...
    UserUnlockAccount                   Method     void UserUnlockAccount(QPM.Common.Connections.DirectoryInfo directoryI...
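One way to find out where the assignment fails, as an added example that is neither the poster's script nor a One Identity sample: the PostExecuting activity from the earlier reply, extended so that the QAProfileAssignPasscode call runs inside try/catch and any exception is written through $global.LogError, and the Q&A profile is read back afterwards instead of re-printing $PMUser. It takes the user id from $workflow.Userinfo as in that sample and hard-codes the domain the way the poster's script does. Two things are assumptions, because the get-member listing truncates the signatures: that QAProfileRead takes ($connection, $userId) and returns an object with a HasPasscode property like the one printed from $PMUser, and that $PMUser exposes the address as .Mail. EmailUser, LogError, LogWarning and GeneratePasscode are called with the argument lists that are fully visible in the listing.

```powershell
# Added troubleshooting example; not the poster's script and not a One Identity sample.
# Assumed: QAProfileRead($connection, $userId) returns an object with HasPasscode,
# and $workflow.Userinfo exposes the mail address as .Mail. Both are guesses from
# the truncated get-member output; confirm them with get-member on the real objects.
function PostExecuting($workflow, $activity)
{
    if (-not $activity.State.IsSuccess) { return }

    $PASSCODE_LENGTH   = 12
    $PASSCODE_LIFETIME = 1440            # minutes (1 day)
    $domain            = 'my.domain.com' # hard-coded, as in the poster's script

    $PMUser = $workflow.Userinfo
    $userId = $PMUser.id                 # the user's GUID, as in the earlier sample

    $connection = $global.GetDirectoryConnectionByName($domain)
    if ($null -eq $connection) {
        $global.LogError("No Password Manager connection for domain $domain")
        throw "Connection to domain $domain not found"
    }

    $passcode = $global.GeneratePasscode($PASSCODE_LENGTH)

    try {
        $global.QAProfileAssignPasscode($connection, $userId, $passcode, $PASSCODE_LIFETIME)
    }
    catch {
        # A .NET method called from PowerShell throws a terminating error; put the
        # message and any inner exception in the PM log, then fail the activity.
        $msg = $_.Exception.Message
        if ($_.Exception.InnerException) { $msg += ' / ' + $_.Exception.InnerException.Message }
        $global.LogError("QAProfileAssignPasscode failed for user $userId. Error: $msg")
        throw
    }

    # Read the profile back; do not rely on the $PMUser object captured before the call.
    $profile = $global.QAProfileRead($connection, $userId)   # assumed parameter list
    if (-not $profile.HasPasscode) {
        $global.LogWarning("QAProfileAssignPasscode returned without error but HasPasscode is still false for $userId")
        return
    }

    if ([string]::IsNullOrEmpty($PMUser.Mail)) {             # assumed property name
        $global.LogWarning("User $userId has no mail address; passcode not sent")
        return
    }

    # Mail the passcode; this is the only place the value should appear. Never log it.
    $global.EmailUser($PMUser.Mail, 'Passcode',
        "Your passcode is $passcode. It expires in $PASSCODE_LIFETIME minutes.")
}
```

If the catch block fires, the logged exception text names the failing prerequisite. If it does not fire and HasPasscode is still false after the read-back, the call was accepted but wrote nothing, which narrows the question to what the method requires on the target account.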
  • This method is prepended with "QAProfile". Are you using a test User with a populated Questions and Answers profile?
  • Hi Terrence,

    None of our users have created a QA profile, and we do not want to introduce and force users to create one. Is there a way to not require users to create a QA profile? Our need is simply:

    • The user has forgotten his password and gets a passcode sent to his email.
    • A new password is set on his account after the passcode is verified.

    Can I use another function to make this work? To set a passcode on a user without a QA profile?

    Kind regards
    Bilal
  • I believe that this method requires that a profile be present, but I'm not sure. Try testing it with an account which has one.

    If it works, there should be a way to programmatically populate the profile, as a pre-requisite for this method.