Adaxes

Determine if user has answered security questions

0 votes

I'm looking for a way to display on a page visible to administrators/help desk users whether or not someone has answered their security questions. Would a custom command be the way to do this?

Thanks!

by (50 points)

1 Answer

0 votes
by (216k points)
selected by
Best answer

Hello,

Yes, a Custom Command would probably be the best way to do this. You can create a Custom Command that outputs the necessary information to the Execution Log. If a user executes the Custom Command, they will see the Execution Log when the command completes.

To create such a Custom Command, you'll need a PowerShell script. Here's a script that you can use to inform whether the user on which a Custom Command is executed is enrolled for Password Self-Service. The script uses the IAdmPasswordSelfServiceOps ADSI interface exposed by each user object. It provides access to Password Self-Service information of a user.

if ($Context.TargetObject.IsEnrolled)
{
    $policy = $Context.BindToObjectByDN($Context.TargetObject.EnrollmentPolicyDN)
    $policyName = $policy.Get("name")
    $Context.LogMessage("The user is enrolled for Password Self-Service. Policy name: " + $policyName, "Information")
}
else
{
    $Context.LogMessage("The user is not enrolled for Password Self-Service.", "Information")
}

For information on how to create a Custom Command, see the following tutorial: http://www.adaxes.com/tutorials_ActiveD ... ommand.htm. To run a script within your Custom Command, on step 4 of the tutorial, you'll need to add the Run a program or PowerShell script action.

Related questions

0 votes
1 answer
How to determine if User is an AD User or Azure AD User?

If we want to obtain the Object ID for the corresponding 365 object of a user, we would use the logic: [Guid]$Context.TargetObject.Get("adm-O365ObjectId") -if ... definitively belongs to an on-premises Active Directory domain or a cloud Azure AD domain?

asked Dec 12, 2022 by Viajaz (210 points)
0 votes
1 answer
What is the most current way of checking if a user has MFA enabled in Azure?

We used to use a script to check if an AD user's MFA was set in Azure (Hybrid AD/AAD set up). I do not think it is relevant any longer. Is there another script that handles this or some other functionality in order to check a user's Azure MFA status?

asked Aug 23 by msheppard (470 points)
0 votes
1 answer
Is it possible to have an email sent if a user has been removed from a certain OU?

A little bit of context: There are 3 departments that share 1 Active Directory. Now each department has its own OU. I would like to have an email sent when a user is ... if this is possible without Powershell? If not, is there a pre-existing script for this?

asked Oct 3, 2023 by Cas (200 points)
0 votes
1 answer
Security Questions for Password Self-Service Policies

Is there anyway we can get an Adaxes administrator to be able to access the security the questions and answers from the “Password Self-Service Policies” portal for our users?

asked Feb 17, 2022 by JoeG (40 points)
0 votes
1 answer
Change security questions for password recovery

Hi, Is there a way to change the security questions for the self-service password recovery? We need them in german and I just can't find a way to change them... On a side ... for a while now and always found a way to adjust it to our needs :D Regards, Yannik

asked Oct 15, 2018 by Yannik (100 points)
3,549 questions
3,240 answers
8,232 comments
547,820 users