0 votes

I have a business rule to create a user in our AD, and then have it create a new O365 account and assign it a license.

How can I have it create a temporary password that I specify during that business rule?

by (60 points)
0

Hello,

For us to suggest a solution, please, post here or send us (support[at]adaxes.com) a screenshot of the Business Rule. Any additional details regarding the desired behavior would be much appreciated.

0

This is my current rule, after new user creation, adds the user to two security groups. Then as long as they're a user and NOT in those specified OUs, it'll create an O365 account for them. I want to reset the AD password and the O365 password to one I specify after that.

adax.PNG

1 Answer

0 votes
by (289k points)

Hello,

Thank you for the provided details. This can be done by enabling the Synchronize passwords option in the settings of your Microsoft 365 (former Office 365) tenant. As a result, when a password is reset via Adaxes for an AD user that is included in the scope of the tenant, their password will be automatically changed in Microsoft 365. To enable the feature:

  1. Launch Adaxes Administration Console.
  2. In the Console Tree, expand your service node.
  3. Navigate to Configuration\Cloud Services and select Office 365.
  4. In the Result Pane on the right, select your tenant and click Edit.
  5. On the Tenant Details tab, select the Synchronize passwords checkbox.
  6. Click OK.
0

I know that this is an option, but I want the AD account and O365 accounts to have separate passwords.

0

Hello,

Thank you for clarifying. A user password in Microsoft 365 can be reset using a PowerShell script. Do you need the password to only be reset or also emailed/sent via SMS? How exactly are you specifying the template for the new password in the Reset password for the user action of your Business Rule?

0

We use a temporary password that they know for onboarding, so we want it to be set to that - no SMS or anything else necessary.

The reset password business rule is just the AD one, nothing to do with O365.

+1

Hello,

Thank you for the provided details. You can use the below script in your Business Rule right after the Activate an Office 365 account action. In the script, the $newPassword variable specifies the password to be set. At first login users will need to change their password.

```powershell
Import-Module MsOnline

# Single quotes keep the value literal; inside double quotes PowerShell
# would expand $Pass as a variable and silently shorten the password.
$newPassword = 'Temp!#$Pass' # TODO: modify me

# Get Office 365 Object ID
try
{
    $objectId = [Guid]$Context.TargetObject.Get("adm-O365ObjectId")
}
catch
{
    return # The user doesn't have an Office 365 account
}

# Get Office 365 Tenant credentials
$office365Cred = $Context.GetOffice365Credential()

# Connect to Office 365
Connect-MsolService -Credential $office365Cred

# Reset user password; the user must change it at first login
Set-MsolUserPassword -ObjectId $objectId.ToString() -NewPassword $newPassword -ForceChangePassword $True
```
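
PowerShell expands `$name` inside double-quoted strings, so a temporary password that contains `$` is only stored as typed when it is written in single quotes. The following is an added example, not part of the original answer: the function name `Assert-TempPassword` and the sample values are hypothetical, and the policy it checks (8 to 256 characters, three of four character classes) is an assumption about the tenant's password rules.

```powershell
# Added example: verify a hardcoded temporary password before it is used
# in a reset call, so a quoting mistake fails loudly instead of silently
# setting a shorter password than the one users were told.

function Assert-TempPassword {
    param(
        [Parameter(Mandatory)][AllowEmptyString()][string]$Password,
        [Parameter(Mandatory)][int]$ExpectedLength   # length of the password as communicated to users
    )

    # Catches variable expansion: the stored value is shorter than intended.
    if ($Password.Length -ne $ExpectedLength) {
        throw "Password length is $($Password.Length), expected $ExpectedLength. Check the quoting."
    }

    # Assumed policy: 8-256 characters, at least three of four classes.
    $classes = 0
    if ($Password -cmatch '[a-z]')        { $classes++ }
    if ($Password -cmatch '[A-Z]')        { $classes++ }
    if ($Password -match  '\d')           { $classes++ }
    if ($Password -match  '[^a-zA-Z0-9]') { $classes++ }

    if ($Password.Length -lt 8 -or $Password.Length -gt 256 -or $classes -lt 3) {
        throw 'Password does not meet the assumed length/complexity policy.'
    }
}

# Constructed sample values: the same characters, quoted two ways.
$expanded = "Temp!#$Pass"   # double quotes: $Pass is treated as a variable
$literal  = 'Temp!#$Pass'   # single quotes: every character is kept

foreach ($candidate in @($expanded, $literal)) {
    try {
        Assert-TempPassword -Password $candidate -ExpectedLength 11
        Write-Output "OK: value has $($candidate.Length) characters"
    }
    catch {
        Write-Output "REJECTED: $($_.Exception.Message)"
    }
}
```

In a Business Rule script the same call would sit directly before the password reset, so the rule stops before a mangled value reaches the account.
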
0

Awesome, thank you so much for the speedy responses! I will get this tested right away.

0

Works perfectly of course. Thank you very much.

Should I open another thread or can you point me to a script that allows me to add a user to an O365 group as well? (New user creation > add a user to O365 group)

+1

Hello,

> Works perfectly of course. Thank you very much.

Thank you for the confirmation, it is much appreciated.

> Should I open another thread or can you point me to a script that allows me to add a user to an O365 group as well?

Depending on the type of groups to which a user should be added in Microsoft 365 (former Office 365), you can update the corresponding script from the following article in our repository to meet your needs: https://www.adaxes.com/script-repository/add-user-to-office-365-distribution-groups-based-on-business-unit-membership-s254.htm.

0

I'm looking through that, and for that, that's a script to run (if scheduled) to always add/remove people according to the OU in AD to a group in O365.

Is there any way to modify that to just do the add portion when I'm creating a new user?

0

Hello,

Yes, it is possible. You will need to mark users in your Business Rule after assigning Microsoft 365 licenses (e.g. by setting a custom Boolean attribute to true) and use a Scheduled Task to run the script for adding users to groups. It cannot be done in the Business Rule itself, as adding users to all groups except for security groups that are not enabled requires users to be Exchange Online recipients. As such, the Scheduled Task will look like the following: image.png

For us to provide you with the script to be executed in the task, please specify the type of groups to which users will be added.

0

It'll be Distribution and mail-enabled Security Groups

0

Hello,

Thank you for specifying. Have a look at the following script from our repository: https://www.adaxes.com/script-repository/add-user-to-distribution-and-mail-enabled-security-groups-in-microsoft-365-s578.htm.

0

Thank you again.

Sorry to bring the old issue up again, but initially when I set up the script it was working to change the domain to a different one in O365. But now it seems to not work during the creation phase, I have to run it after and it works fine. It's the "Update O365 Username to <domain> for the user"

image.png

My guess is that the account isn't fully created/"ready" to be used, and the business rules are going too quickly. Is there any way to put logic in to say ok is the ready flag yes?, then proceed. If not, wait until flag says yes and then go.

Is that possible?

0

Hello,

As long as you are going to add users to Microsoft 365 groups in a Scheduled Task, you can move the script for the username update to the task. Finally, actions in the Business Rule and the Scheduled Task will look like the following:

Business Rule: image.png

Scheduled Task: image.png
