How to use ADSI script to validate a user answer to his question?

Question

We try to use ADSI scripting to automate some tasks using Adaxes 2023. One such task is to try to check whether an answer provided by a user to his question is correct or not. Since we cannot retrieve directly the stored answers to compare, the next best thing is to see if Adaxes supplies a way to validate the user answer through ADSI scripting. But I do not see an easy way to do this using ADSI script and/or interfaces.

Answer 1

Hello,

Yes, it is possible to validate an answer to a security question. However, you need to know the exact question. For example, you can create a custom command with two parameters, one for the question and another for the answer. In the custom command, add the Run a program or PowerShell script action executing the below script. The script checks whether the specified question exists and whether the answer is correct. The script outputs the corresponding message to the command execution log. Pay attention to the fact that wrong answers to security questions count toward the limit of failed attempts for account blocking configured in the Password self-service policy.

In the script:

• $questionParamName – Specifies the name of the text parameter used to enter the question. The value must start with the param- prefix.
• $answerParamName – Specifies the name of the Edit box parameter used to enter the answer. The value must start with the param- prefix.

$questionParamName = "param-Question" # TODO: modify me
$answerParamName = "param-Answer" # TODO: modify me

# Get parameter values
$questionParamValue = $Context.GetParameterValue($questionParamName)
$answerParamValue = $Context.GetParameterValue($answerParamName)

# Validate question and answer
$admNS = New-Object("Softerra.Adaxes.Adsi.AdmNamespace")
$admService = $admNS.GetServiceDirectly("localhost")
$cookie = ""
try
{
    $selfPasswordResetManager =  $admService.CreateSelfPasswordResetManager("%userPrincipalName%", $NULL, [ref]$cookie)
}
catch
{
    $Context.LogMessage("The user is not enrolled for password self-service", "Information")
    return
}

for ($i=0; $i -lt $selfPasswordResetManager.NumberQuestionsToAnswer; $i++)
{
    $question = $selfPasswordResetManager.GetQuestion($i)
    if ($question -eq $questionParamValue)
    {
        try
        {
            $selfPasswordResetManager.AnswerQuestion($i, $answerParamValue)
            $Context.LogMessage("The answer is correct", "Information")
            return
        }
        catch
        {
            $Context.LogMessage("Incorrect answer", "Warning")
            return
        }
    }
}

$Context.LogMessage("Question not found", "Information")