Adaxes

Password Self-Service Properties

0 votes

Previously, Password Self-Service: Rich/HTML Enrollment Notifications?, an adm attribute was listed to report if a user was enrolled into self service.

I tested the attribute with a business unit, but results didn't return as expected.

Is this method still supported?

by (1.2k points)

1 Answer

0 votes
by (216k points)
selected by
Best answer

Hello,

The adm-PassswordSelfServiceEnrollmentPolicyDN attribute mentioned in that post is still available and supported, however you cannot use it for building Business Units. The thing is that Adaxes virtual attributes (all attributes with the adm- prefix) cannot participate in LDAP queries. Including Adaxes virtual attributes in LDAP searches would have a tremendous adverse effect on the overall performance.

As a workaround, we can suggest a Scheduled Task that would run a several times a day and copy the Password-Self Service Policy DN into a certain actual AD attribute that can participate in LDAP searches and that you don't use. For example, you can use such an attribute as Division. Then, you can use the attribute for building your Business Unit.

For example, here's a Scheduled Task that copies the Policy DN to the Division attribute:

In this case, a Membership Rule for a Business Unit containing all users enrolled for Password Self-Service will be as follows:

Related questions

0 votes
1 answer
Populate a User Attribute with Yes/No if enrolled in Password Self-Service

I see the script for generating a report of users enrolled, but what I'd like to do is run a script that can populate a user attribute with Yes/No or True/False if they are or are not enrolled. Is there an existing script that accomplishes this? Thanks

asked 5 days ago by msheppard (470 points)
0 votes
1 answer
We need to know specifically for self service password management what level of access in AD do I specifically need.

We need to know specifically for self service password management what level of access in AD do I specifically need.

asked May 9 by justinspring (20 points)
0 votes
0 answers
The password self service at windows login works on windows 10 but not windows 11.

We have followed your instructions to set up the password self service and we got it to work on windows 10 but the link does not show up on windows 11. is there something we can do to get the link to show up?

asked May 1 by rechevarria (40 points)
0 votes
1 answer
Limit Self Service Password Reset to a Single Managed Domain

We have two on-prem domains; Domain A and Domain B. Domain A is our primary domain and syncs with Azure AD. Domain B contains accounts created for external ... user attempts to authenticate, they are only authenticating against the Domain B on-prem domain?

asked Apr 10 by awooten (80 points)
0 votes
1 answer
How to restrict users from resetting their password but only provide ability to change their password in self-service

Would like to know if we can remove the forget password link on Self-service login page or remove the ability for users to reset their password. We only want users to ... be able to change their password but not reset their password if they have forgotten it.

asked Mar 29, 2023 by Vish539 (460 points)
3,549 questions
3,240 answers
8,233 comments
547,827 users