
Custom workflow - email user random generated password

Hello guys,

I have just recently installed One Identity Password Manager version 5.7.0.1525 in our test environment. We see that the existing workflows cannot be applied to our situation, and we need to create a new, simple custom workflow. We are looking for a self-service portal for our users where they can simply reset their password.

The workflow should consist of a user searching for his AD user and then choosing the custom workflow "Password email reset"; a randomly generated password is set on the user account in AD (in addition, "user must change password at next logon" is checked), and an email is sent to the user with the password.

The best would be to email the user a link which he then accesses to set a new password - like the way Facebook, Gmail, etc. do it. Is this possible? :)

Best regards

Bilal

  • Tried to set QA on the account by using the built-in workflow "My questions and Answers profile". I authenticated and everything, but get "Access is denied" even though my password is correct. So not completely sure what the error is. Tried to check the logs, but nothing useful to be found.

    Kind regards
    Bilal
  • Is the Password Manager service account a Domain Administrator, or did you use the minimum permissions guide?
  • Hi,

    It seemed like giving the service account more permissions solved the issue. It did not require that a QA profile be created for the user, and the same function could be used.

    Kind regards
    Bilal
  • That's good to know, thanks.

    If you can scrub and/or comment your final script, please post it back to the community for feedback and for future use.
  • Hi,

    Thanks a lot for your support and help. I will first try to comment the code as much as possible so that it makes sense to everyone, and then it will be posted here afterwards.

    Do you know if it's possible to import a password policy from a GPO into Password Manager?
  • Thanks, I am very interested to see your solution for this problem.

    To my knowledge, it is not possible to programmatically build out the Password Manager Password Policy, so, no, I don't think that this is possible.
  • Hello Terrence!

    Sorry, I have been on vacation, but am now back. To finalize everything I have one question: is there any way I can retrieve the value of an extensionAttribute (or any attribute) in AD in the code?

    Right now I retrieve the email-attribute like this:

    $userName = $PMUser.id
    # Find the user by name in the specified domain, requesting only the listed attributes
    $user = $global.GetUserById($connection, $userName, [string[]]("objectGUID", "mail"))
    # The user's e-mail attribute in AD
    $user.mail

    Kind regards

    Bilal

  • This is built-in.

    Use something like this:

    $pmUserMail = $workflow.Userinfo.AccountInfo.Mail

    Be sure to have a catch for objects without mail addresses assigned.
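
The catch recommended in the last reply, as an added example that is not part of the thread or of One Identity's code: the mail value is validated before the workflow changes the password, so an account without a usable address is not left with a password nobody received. `Get-ValidatedMail` and the sample accounts are hypothetical; only `$workflow.Userinfo.AccountInfo.Mail` comes from the thread.

```powershell
# Hypothetical helper (not a Password Manager cmdlet): returns a usable
# recipient address or throws, so the caller can stop before resetting.
function Get-ValidatedMail {
    param(
        [string] $Mail,     # e.g. $workflow.Userinfo.AccountInfo.Mail
        [string] $UserId    # used only in the error message
    )

    # A missing attribute arrives as $null, which [string] binds as ''.
    if ([string]::IsNullOrWhiteSpace($Mail)) {
        throw "User '$UserId' has no mail attribute; aborting before any password change."
    }

    $candidate = $Mail.Trim()
    try {
        # The .NET parser rejects values that are not in address form.
        $parsed = [System.Net.Mail.MailAddress]::new($candidate)
    } catch {
        throw "User '$UserId' has a malformed mail attribute; aborting before any password change."
    }

    # Reject display-name forms such as 'Name <user@example.com>'.
    if ($parsed.Address -ne $candidate) {
        throw "User '$UserId' has a mail attribute that is not a bare address; aborting."
    }
    return $parsed.Address
}

# Constructed stand-ins for the account object; in the real workflow the
# value would come from $workflow.Userinfo.AccountInfo.Mail.
$samples = @(
    [pscustomobject]@{ Id = 'jdoe';   Mail = 'jdoe@example.com' },
    [pscustomobject]@{ Id = 'svc01';  Mail = $null },
    [pscustomobject]@{ Id = 'asmith'; Mail = 'asmith-at-example.com' }
)

foreach ($account in $samples) {
    try {
        $to = Get-ValidatedMail -Mail $account.Mail -UserId $account.Id
        "OK    $($account.Id) -> $to (safe to reset the password and send)"
    } catch {
        # Fail closed: no reset and no mail for this account.
        "SKIP  $($_.Exception.Message)"
    }
}
```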