0 votes

Hello,

I'm trying to run a powershell script after password reset in order to create a record of the new password in a mysql database. Here is the script I'm using:

## MYSQL Connection
## This requires mysql connector net

## All variables will need changing to suit your environment
$server= "password.domain.org"
$username= "Adaxes"
$password= "P@ssW0rd"
$database= "passworddb"

## The path will need to match the mysql connector you downloaded
[void][system.reflection.Assembly]::LoadFrom("C:\Program Files (x86)\MySQL\MySQL Connector Net 6.8.3\Assemblies\v2.0\MySQL.Data.dll")

$SqlConnection = New-Object Mysql.Data.MySqlClient.MySqlConnection
$SqlConnection.ConnectionString = "server=$server;uid=$username;password=$password;database=$database;pooling=false;Allow Zero Datetime=True;"

$Query = "INSERT INTO userpasswords(username,password,moddate,ip,modbyuser) VALUES('%username%','%unicodePwd%',%datetime%,'Adaxes','%initiator%') ON DUPLICATE KEY UPDATE password='%unicodePwd%',moddate='%datetime%',ip='Adaxes',modbyuser='%initiator%'"

    $SqlConnection.Open()
    $SqlCmd = New-Object MySql.Data.MySqlClient.MySqlCommand $Query, $SqlConnection
    $SqlCmd.ExecuteNonQuery()
    $SqlConnection.Close()

However Adaxes is not putting the new password into the script. Do I have to use something other than unicodePwd? Here is the query that the mySql database receives after Adaxes sends it:

INSERT INTO userpasswords(username,password,moddate,ip,modbyuser) VALUES('test_user','',2/26/2014 3:53:17 PM,'Adaxes','ryan_breneman@domain.org') ON DUPLICATE KEY UPDATE password='',moddate='2/26/2014 3:53:17 PM',ip='Adaxes',modbyuser='ryan_breneman@domain.org'

Thanks for your help!

by (920 points)
0

Hello,

Can you send a screenshot of your Business Rule to mour support e-mail (support[at]adaxes.com) or post it here?

0

Here is the Business Rule:
(Business Rule Screenshot)
and that calls a custom command that actually houses the powershell script:
(Custom Command Screenshot)
I used a custom command because I want this to run after a password reset as well as a password change, but I didn't see anyway to combine both of those into one business rule.

1 Answer

0 votes
by (216k points)
selected by
Best answer

The reason for the issue is that you execute the script in a separate Custom Command. The %unicodePwd% value reference is resolved only in Business Rules triggered before/after creating a user, resetting a password for a user or updating a user. It won't be resolved in a Custom Command.

You have two ways how you can resolve the issue:

  1. Discard the Custom Command and execute the Run a program or PowerShell script action that runs the script directly in your Business Rules. In this case, you will have two separate scripts, and if you need to make modifications, you'll have to do it twice.

  2. Another option is to save the password to a certain property of the user in the Business Rules. For this purpose, you can use one of Adaxes virtual properties that can store text data, for example, CustomAttributeText1.

    So, in the Business Rules, you can use the Update the User action and save the new password to a certain property before launching the script:

    Then, in the script, you can access the password stored in the virtual property. For example, if you stored the password in the CustomAttributeText1 property, you can access it by using the %adm-CustomAttributeText1% value reference in the script.

    Also, it would be wise to clear the virtual property at the end of the script for security considerations. For this purpose, use the following lines in your code:

     $Context.TargetObject.Put("adm-CustomAttributeText1", $NULL)
     $Context.TargetObject.SetInfo()
    
0

Excellent. I'll probably just put the script in each business rule. After I get it working I won't be making many modifications to it.

Thanks for your help!

Related questions

0 votes
1 answer

Hi i want to add list of OU's here for help desk to go each OU and find user they want for resetting password , how can i do that? In user creation page i can do ... so help desk user can go inside each OU and look for user they want to reset password for

asked Dec 3 by vagifazari (450 points)
0 votes
1 answer

I'd like to add a field for "Ticket Number" to pass through so that I can have it run a script post execution to log data to our ticketing system. I ... it may be possible to extend the public class ResetPasswordOptions but that's not really ideal...

asked May 27 by ZoomGhost (280 points)
0 votes
1 answer

We have two on-prem domains; Domain A and Domain B. Domain A is our primary domain and syncs with Azure AD. Domain B contains accounts created for external ... user attempts to authenticate, they are only authenticating against the Domain B on-prem domain?

asked Apr 10 by awooten (80 points)
0 votes
1 answer

Hello, I'm using the reset user password but having issues when sending that generated password via email - Username info is attached correctly in the email but the password info is blank. Can you please advise. Thanks, Darren

asked Apr 3 by DarrenFisk (60 points)
0 votes
1 answer

I am trying to customize the enrollment pop up page to specify the number format need, but I cannot for the life of me find the file or location where I can edit the html code needed to say this on the enrollment page, is this even possible?

asked Apr 10, 2023 by gwadmin (80 points)
3,589 questions
3,278 answers
8,303 comments
548,153 users