Reset password powershell script

Question

Hello,

I'm trying to run a powershell script after password reset in order to create a record of the new password in a mysql database. Here is the script I'm using:

## MYSQL Connection
## This requires mysql connector net

## All variables will need changing to suit your environment
$server= "password.domain.org"
$username= "Adaxes"
$password= "P@ssW0rd"
$database= "passworddb"

## The path will need to match the mysql connector you downloaded
[void][system.reflection.Assembly]::LoadFrom("C:\Program Files (x86)\MySQL\MySQL Connector Net 6.8.3\Assemblies\v2.0\MySQL.Data.dll")

$SqlConnection = New-Object Mysql.Data.MySqlClient.MySqlConnection
$SqlConnection.ConnectionString = "server=$server;uid=$username;password=$password;database=$database;pooling=false;Allow Zero Datetime=True;"

$Query = "INSERT INTO userpasswords(username,password,moddate,ip,modbyuser) VALUES('%username%','%unicodePwd%',%datetime%,'Adaxes','%initiator%') ON DUPLICATE KEY UPDATE password='%unicodePwd%',moddate='%datetime%',ip='Adaxes',modbyuser='%initiator%'"

    $SqlConnection.Open()
    $SqlCmd = New-Object MySql.Data.MySqlClient.MySqlCommand $Query, $SqlConnection
    $SqlCmd.ExecuteNonQuery()
    $SqlConnection.Close()

However Adaxes is not putting the new password into the script. Do I have to use something other than unicodePwd? Here is the query that the mySql database receives after Adaxes sends it:

INSERT INTO userpasswords(username,password,moddate,ip,modbyuser) VALUES('test_user','',2/26/2014 3:53:17 PM,'Adaxes','ryan_breneman@domain.org') ON DUPLICATE KEY UPDATE password='',moddate='2/26/2014 3:53:17 PM',ip='Adaxes',modbyuser='ryan_breneman@domain.org'

Thanks for your help!

Comments

Hello,

Can you send a screenshot of your Business Rule to mour support e-mail (support[at]adaxes.com) or post it here?

---

Here is the Business Rule:

and that calls a custom command that actually houses the powershell script:

I used a custom command because I want this to run after a password reset as well as a password change, but I didn't see anyway to combine both of those into one business rule.

Answer 1

The reason for the issue is that you execute the script in a separate Custom Command. The %unicodePwd% value reference is resolved only in Business Rules triggered before/after creating a user, resetting a password for a user or updating a user. It won't be resolved in a Custom Command.

You have two ways how you can resolve the issue:

1. Discard the Custom Command and execute the Run a program or PowerShell script action that runs the script directly in your Business Rules. In this case, you will have two separate scripts, and if you need to make modifications, you'll have to do it twice.

2. Another option is to save the password to a certain property of the user in the Business Rules. For this purpose, you can use one of Adaxes virtual properties that can store text data, for example, CustomAttributeText1.

   So, in the Business Rules, you can use the Update the User action and save the new password to a certain property before launching the script:
   
   Then, in the script, you can access the password stored in the virtual property. For example, if you stored the password in the CustomAttributeText1 property, you can access it by using the %adm-CustomAttributeText1% value reference in the script.

   Also, it would be wise to clear the virtual property at the end of the script for security considerations. For this purpose, use the following lines in your code:

    $Context.TargetObject.Put("adm-CustomAttributeText1", $NULL)
    $Context.TargetObject.SetInfo()
   

Comments

Excellent. I'll probably just put the script in each business rule. After I get it working I won't be making many modifications to it.

Thanks for your help!