0 votes

Hello,

We have recently migrated to Office 365 and are experiencing a few problems related to password.

When I create a user using Adaxes, Adaxes automatically send out an SMS to the new user with the username and password. However the password is not possible to use for Office 365 signon, only our local AD-network.

We have enabled Dirsync with password sync, and I have also enabled the password sync functionality in Adaxes.

If I wait a few minutes after the user is created (after the e-mail account in O365 is created), and THEN reset the password one more time, everyting works fine. The user is able to logon using both our local AD and Microsoft Online.

To me it seems like the password sync functionality of Adaxes only works when resetting a password, not setting a new during using user creation. How can we solve this problem?

Regards,
Eirik Zakariassen

by (120 points)
0

Hello Eirik,

How are Office 365 accounts created? Do you have a Business Rule triggered after creating a user that creates an Office 365 account or create the accounts manually?

0

Hello,

I actually have two different business rules for two different kind of users (students and teachers). Since you asked, I tried the other usertype, and that worked as expected.

The business rule for the students work as expected. It checks what the department property starts with, and activates the Office 365 account for the user based on the department. When I create a student-user, the password works with Microsoft Online directly after creation.

The business rule for the teachers however, exectutes a custom command in order to activate the Office 365 account for the user. The custom command also checks the department property, but has to do a if-statement to check different departments. It does not follow the same standard as the students department property. After creating a teacher-user, the password does not work with Microsoft Online.

0

Do you have any idea how I can fix the password problem for users created with a business rule that uses a custom command?

For the students it's easy creating rules for licensing etc since all students has a department that starts with "xxx students", but our academic staff doesn't have the same kind of standardization in the department or the groups they are a member of. Therefore I have created a if-statement in a custom command that checks each department. I couldn't get this to work in the business rule.

Regards,
Eirik

0

Hello Erik,

Could you post screenshots of the actions and conditions of the Custom Command and the Business Rule that you've created for teachers? Also, how is the password assigned to new users? Do your guys specify it directly on the form for creating new users or is it generated automatically, for example as a part of the Business Rule?

If you don't want to post screenshots here, you can send them to the following e-mail: support[at]adaxes.com.

0

Hello,

The passwords are generated with the value "%adm-randomstring,8%" in the User Pattern. (by the way: is it possible to generate passwords without similar letters? I know it's possible with a custom command, but can't figure out how to do it on user creation)

The Business Rule for the teachers looks like this:

and the Custom Command like this (with a lot more if-then):

The Execution Log after user creation looks like this:

Regards,
Eirik

1 Answer

0 votes
by (216k points)
selected by
Best answer

Hello Eirik,

The thing is that Adaxes can retrieve a password for a user when it is set via Adaxes, that is, during the operations of creating a new user or changing a user's password. When a password is already saved in AD, it is impossible to retrieve it in Adaxes.

In your Business Rule for students, you create an Office 365 account within a Business Rule triggered upon creating a new user. In such a situation, a password can be retrieved and passed over to the Office 365 account. However, in the situation with teachers, you use a Custom Command to create an Office 365 account. Executing a Custom Command is a completely different operation than creating a new user, and thus it is impossible to retrieve the password and pass it to the Office 365 account.

Since Office 365 does not allow creating accounts without passwords, it generates a temporary password on its own, which, as you can see, is completely different from the password generated by Adaxes:

To remedy the issue, you need to move the logic for enabling the Office 365 account from the Custom Command to the Business Rule triggered after creating a user.

by the way: is it possible to generate passwords without similar letters?

It is possible to do this using a script and a Business Rule triggered after creating a user, but in this case you'll need to perform all password-related operations within the same script (such as sending an SMS message to the new user, creating the Office 365 account etc).

Related questions

0 votes
1 answer

I'm creating a process where after a user account has been created some manual steps are completed and then, then the helpdesk will approve the confirmation email to be ... to do this? Screenshot of the disabled approval checkbox: https://imgur.com/a/mLa1H

asked Mar 22, 2018 by jake_h (300 points)
0 votes
1 answer

I have a business rule to create a user in our AD, and then have it create a new O365 account and assign it a license. How can I have it create a temporary password that I specify during that business rule?

asked Jun 17, 2020 by keecit (60 points)
0 votes
1 answer

Hi, I'm probably over thinking this, so I'm hoping to get some clarity. But we've had an issue for a while and I can't get my head around it. When we create a ... exchange isn't needed for most of our environment now that we're Windows 10/11. Thanks, Gary

asked Sep 16, 2022 by gazoco (490 points)
0 votes
1 answer

Our Adaxes Microsoft 365 Tenant was created before we copmpleted the "app registration" in Azure. Which means that in the instructions for "Register Adaxes as an app in ... M365 tenant, would that affect any of our custom commands that we have created?

asked Feb 17, 2022 by Tfarmer (160 points)
0 votes
1 answer

I need a way of triggering a business rule based on the user (and not the group) being added or removed from a group. The reason I would like this triggered on the user is so ... prefer not to do that. I am checking to see if there is another way to do this.

asked May 16, 2023 by mark.it.admin (2.3k points)
3,588 questions
3,277 answers
8,303 comments
548,090 users