IAdmPasswordSelfServiceOps

The IAdmPasswordSelfServiceOps interface is used to retrieve information on the Password Self-Service Policy applied to a specific user, enroll, disenroll, and unblock a user.

Inheritance: IUnknown

Methods

Properties

  • Property

  • Description

  • IsEnrolled

  • Gets a value that indicates whether the user is enrolled for Password Self-Service.

  • EffectivePolicyDN

  • Gets the distinguished name (DN) of the Password Self-Service Policy that is effective for the current user.

  • EnrollmentPolicyDN

  • Gets the distinguished name (DN) of the Password Self-Service Policy that was used to enroll the current user for Password Self-Service.

Details

GetEnrollmentParameters()

Returns the IAdmPasswordSelfServiceEnrollmentParameters interface that provides access to enrollment parameters for the user.

IAdmPasswordSelfServiceEnrollmentParameters GetEnrollmentParameters(ADM_PSSPOLICYTYPE_ENUM policyType)

Parameters

The policyType parameter specifies the type of the Password Self-Service Policy that will be used to build the enrollment parameters.

Examples

The following code sample outputs the parameters of the Password Self-Service Policy effective for a user.

PowerShell
[Reflection.Assembly]::LoadWithPartialName("Softerra.Adaxes.Adsi")

# Connect to the Adaxes service
$ns = New-Object "Softerra.Adaxes.Adsi.AdmNamespace"
$service = $ns.GetServiceDirectly("localhost")

# Bind to the user
$userDN = "CN=John Smith,CN=Users,DC=domain,DC=com"
$user = $service.OpenObject("Adaxes://$userDN", $null, $null, 0)

# Get the parameters that were used to enroll the user for Password Self-Service
$enrollmentParameters = $user.GetEnrollmentParameters("ADM_PSSPOLICYTYPE_EFFECTIVE")

if ($enrollmentParameters.SmsVerificationEnabled)
{
    Write-Host "SMS verification enabled"
    Write-Host "Bypass if mobile number is missing:" $enrollmentParameters.SmsVerificationNoMobileNumberBypassed
}

if ($enrollmentParameters.QuestionsAndAnswersEnabled)
{
    Write-Host "Security Questions & Answers enabled"
    Write-Host "Number of security questions to answer:" $enrollmentParameters.NumberQuestionsToAnswer
    Write-Host "Number of user-defined questions allowed:" $enrollmentParameters.NumberUserQuestions
    Write-Host "Minimum length of user-defined questions:" $enrollmentParameters.UserQuestionMinLength
    if ($enrollmentParameters.AnswerMinLengthEnabled)
    {
        Write-Host "Minimum answer length:" $enrollmentParameters.AnswerMinLength
    }
    Write-Host "Allow indentical answers:" $enrollmentParameters.IdenticalAnswersAllowed
    Write-Host "Case-sensitive answers:" $enrollmentParameters.AnswersAreCaseSensitive
    Write-Host "An answer cannot be a part of a question:" $enrollmentParameters.AnswerCannotBePartOfQuestion
    Write-Host "Secret questions that were used in the enrollment process:"
    foreach ($question in $enrollmentParameters.Questions)
    {
        Write-Host "`tQuestion:" $question.Question
        Write-Host "`tMandatory:" $question.Required
        Write-Host
    }
}
C#
using System;
using Softerra.Adaxes.Adsi;
using Softerra.Adaxes.Interop.Adsi.PasswordSelfService;
using Softerra.Adaxes.Interop.Adsi.PersistentObjects;

class Program
{
    static void Main(string[] args)
    {
        // Connect to the Adaxes service
        AdmNamespace ns = new AdmNamespace();
        IAdmService service = ns.GetServiceDirectly("localhost");

        // Bind to the user
        const string userPath = "Adaxes://CN=John Smith,CN=Users,DC=domain,DC=com";
        IAdmPasswordSelfServiceOps user = 
            (IAdmPasswordSelfServiceOps) service.OpenObject(userPath, null, null, 0);


        // Get the parameters that were used to enroll the user for Password Self-Service
        IAdmPasswordSelfServiceEnrollmentParameters enrollmentParameters =
            user.GetEnrollmentParameters(ADM_PSSPOLICYTYPE_ENUM.ADM_PSSPOLICYTYPE_EFFECTIVE);

        if (enrollmentParameters.SmsVerificationEnabled)
        {
            Console.WriteLine("SMS verification enabled");
            Console.WriteLine("Bypass if mobile number is missing: " + 
                enrollmentParameters.SmsVerificationNoMobileNumberBypassed);
        }

        if (enrollmentParameters.QuestionsAndAnswersEnabled)
        {
            Console.WriteLine("Security Questions & Answers enabled");
            Console.WriteLine("Number of security questions to answer:" +
                enrollmentParameters.NumberQuestionsToAnswer);
            Console.WriteLine("Number of user-defined questions allowed:" + 
                enrollmentParameters.NumberUserQuestions);
            Console.WriteLine("Minimum length of user-defined questions:" + 
                enrollmentParameters.UserQuestionMinLength);
            if (enrollmentParameters.AnswerMinLengthEnabled)
            {
                Console.WriteLine("Minimum answer length:" + 
                    enrollmentParameters.AnswerMinLengthEnabled);
            }
            Console.WriteLine("Allow indentical answers:" + 
                enrollmentParameters.IdenticalAnswersAllowed);
            Console.WriteLine("Case-sensitive answers:" + 
                enrollmentParameters.AnswersAreCaseSensitive);
            Console.WriteLine("An answer cannot be a part of a question:" + 
                enrollmentParameters.AnswerCannotBePartOfQuestion);
            Console.WriteLine("Secret questions that were used in the enrollment process:");
            foreach (IAdmPasswordSelfServiceQuestion question in enrollmentParameters.Questions)
            {
                Console.WriteLine("\tQuestion:" + question.Question);
                Console.WriteLine("\tRequired:" + question.Required);
                Console.WriteLine();
            }
        }
    }
}

EnrollUser()

Enrolls the user using the specified Password Self-Service enrollment information.

void EnrollUser(IAdmPasswordSelfServiceEnrollmentInfo enrollmentInfo)

Parameters

The enrollmentInfo parameter specifies the Password Self-Service enrollment information that will be used in the enrollment process.

Examples

The following code sample enrolls a user for Password Self-Service using information from the user's Active Directory account.

PowerShell
[Reflection.Assembly]::LoadWithPartialName("Softerra.Adaxes.Adsi")

# Declare a hash table of secret questions and corresponding 
# properties of the user account
$questionsWithAnswersInfo = @{
    "What is your employee number?" = "employeeID";
    "What is your job title?" = "title";
}

# Connect to the Adaxes service
$ns = New-Object "Softerra.Adaxes.Adsi.AdmNamespace"
$service = $ns.GetServiceDirectly("localhost")

# Bind to the user
$userDN = "CN=John Smith,CN=Users,DC=domain,DC=com"
$user = $service.OpenObject("Adaxes://$userDN", $null, $null, 0)

$questionsWithAnswers = @()
foreach ($question in $questionsWithAnswersInfo.Keys)
{
    # Create an empty question-answer pair
    $questionWithAnswer = New-Object "Softerra.Adaxes.Adsi.PasswordSelfService.AdmPasswordSelfServiceQuestionWithAnswer"
    
    # Specify the question
    $questionWithAnswer.Question = $question
    
    # Get the value of the corresponding property from Active Directory 
    # and specify it as the answer
    $answer = $user.Get($questionsWithAnswersInfo[$question])
    $questionWithAnswer.Answer = $answer
    
    # Add the question-answer pair to the collection
    $questionsWithAnswers += $questionWithAnswer
}

# Specify enrollment parameters
$enrollmentInfo = New-Object "Softerra.Adaxes.Adsi.PasswordSelfService.AdmPasswordSelfServiceEnrollmentInfo"

# Add the secret questions and answers
$enrollmentInfo.QuestionsWithAnswers = $questionsWithAnswers

# Specify the Password Self-Service Policy effective for the user
$enrollmentParameters = $user.GetEnrollmentParameters("ADM_PSSPOLICYTYPE_EFFECTIVE")
$enrollmentInfo.PolicyGuid = $enrollmentParameters.PolicyGuid

# Enroll the user
$user.EnrollUser($enrollmentInfo)
C#
using System;
using System.Collections.Generic;
using Softerra.Adaxes.Adsi;
using Softerra.Adaxes.Adsi.PasswordSelfService;
using Softerra.Adaxes.Interop.Adsi;
using Softerra.Adaxes.Interop.Adsi.PasswordSelfService;
using Softerra.Adaxes.Interop.Adsi.PersistentObjects;

class Program
{
    static void Main(string[] args)
    {
        // Declare a hash table of secret questions and corresponding 
        // properties of the user account
        Dictionary<string, string> questionsWithAnswersInfo = new Dictionary<string, string>
        {
            {"What is your employee number?", "employeeID"},
            {"What is your job title?", "title"}
        };

        // Connect to the Adaxes service
        AdmNamespace ns = new AdmNamespace();
        IAdmService service = ns.GetServiceDirectly("localhost");

        // Bind to the user
        const string userPath = "Adaxes://CN=John Smith,CN=Users,DC=domain,DC=com";
        IAdmTop user = (IAdmTop) service.OpenObject(userPath, null, null, 0);

        List<IAdmPasswordSelfServiceQuestionWithAnswer> questionsWithAnswers =
            new List<IAdmPasswordSelfServiceQuestionWithAnswer>();
        foreach (string question in questionsWithAnswersInfo.Keys)
        {
            // Create an empty question-answer pair
            IAdmPasswordSelfServiceQuestionWithAnswer questionWithAnswer = 
                new AdmPasswordSelfServiceQuestionWithAnswer();
            
            // Specify the question
            questionWithAnswer.Question = question;

            // Get the value of the corresponding property from Active Directory 
            // and specify it as the answer
            string answer = (string) user.Get(questionsWithAnswersInfo[question]);
            questionWithAnswer.Answer = answer;

            // Add the question-answer pair to the collection
            questionsWithAnswers.Add(questionWithAnswer);
        }

        // Specify enrollment parameters
        IAdmPasswordSelfServiceEnrollmentInfo enrollmentInfo = 
            new AdmPasswordSelfServiceEnrollmentInfo();
        
        // Add the secret questions and answers
        enrollmentInfo.QuestionsWithAnswers = questionsWithAnswers.ToArray();

        // Specify the Password Self-Service Policy effective for the user
        IAdmPasswordSelfServiceOps user2 = (IAdmPasswordSelfServiceOps) user;
        IAdmPasswordSelfServiceEnrollmentParameters enrollmentParameters =
            user2.GetEnrollmentParameters(ADM_PSSPOLICYTYPE_ENUM.ADM_PSSPOLICYTYPE_EFFECTIVE);
        enrollmentInfo.PolicyGuid = enrollmentParameters.PolicyGuid;

        // Enroll the user
        user2.EnrollUser(enrollmentInfo);
    }
}

DisenrollUser()

Disenrolls the user from Password Self-Service.

void DisenrollUser()

UnblockUser()

Unblocks the user for Password Self-Service.

void UnblockUser()

IsEnrolled

Gets a value that indicates whether the user is enrolled for Password Self-Service.

  • Type:
  • bool
  • Access:
  • Read-only

EffectivePolicyDN

Gets the distinguished name (DN) of the Password Self-Service Policy that is effective for the current user.

  • Type:
  • string
  • Access:
  • Read-only

EnrollmentPolicyDN

Gets the distinguished name (DN) of the Password Self-Service Policy that was used to enroll the current user for Password Self-Service.

  • Type:
  • string
  • Access:
  • Read-only

Requirements

Minimum required version: 2011.3

See also

© Softerra 2022. All rights reserved.
Send feedback