0 votes

We try to use ADSI scripting to automate some tasks using Adaxes 2023. One such task is to try to check whether an answer provided by a user to his question is correct or not. Since we cannot directly retrieve the stored answers to compare, the next best thing is to see if Adaxes supplies a way to validate the user's answer through ADSI scripting. But I do not see an easy way to do this using an ADSI script and/or interfaces.

related to an answer for: Challenge Questions storage
by (20 points)

1 Answer

0 votes
by (14.5k points)

Hello,

Yes, it is possible to validate an answer to a security question. However, you need to know the exact question. For example, you can create a custom command with two parameters, one for the question and another for the answer. In the custom command, add the Run a program or PowerShell script action executing the below script. The script checks whether the specified question exists and whether the answer is correct. The script outputs the corresponding message to the command execution log. Pay attention to the fact that wrong answers to security questions count toward the limit of failed attempts for account blocking configured in the Password self-service policy.

In the script:

  • $questionParamName – Specifies the name of the text parameter used to enter the question. The value must start with the param- prefix.
  • $answerParamName – Specifies the name of the Edit box parameter used to enter the answer. The value must start with the param- prefix.

$questionParamName = "param-Question" # TODO: modify me
$answerParamName = "param-Answer" # TODO: modify me

# Get parameter values
$questionParamValue = $Context.GetParameterValue($questionParamName)
$answerParamValue = $Context.GetParameterValue($answerParamName)

# Validate question and answer
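# Connect to the Adaxes service on the local host
$admNS = New-Object("Softerra.Adaxes.Adsi.AdmNamespace")
$admService = $admNS.GetServiceDirectly("localhost")
$cookie = ""
try
{
    # %userPrincipalName% is replaced by Adaxes with the UPN of the user the command runs on
    $selfPasswordResetManager = $admService.CreateSelfPasswordResetManager("%userPrincipalName%", $null, [ref]$cookie)
}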
catch
{
    $Context.LogMessage("The user is not enrolled for password self-service", "Information")
    return
}

# Look for the specified question among the questions the user has to answer
for ($i = 0; $i -lt $selfPasswordResetManager.NumberQuestionsToAnswer; $i++)
{
    $question = $selfPasswordResetManager.GetQuestion($i)
    if ($question -eq $questionParamValue)
    {
        try
        {
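            # AnswerQuestion throws when the answer is wrong; a wrong answer counts
            # toward the failed-attempt limit of the Password self-service policy
            $selfPasswordResetManager.AnswerQuestion($i, $answerParamValue)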
            $Context.LogMessage("The answer is correct", "Information")
            return
        }
        catch
        {
            $Context.LogMessage("Incorrect answer", "Warning")
            return
        }
    }
}

$Context.LogMessage("Question not found", "Information")
