none
Initial password Communication problem RRS feed

  • Question

  • Hello!

    I'm trying to automate Initial Password Communication with email.

    I have a working process of user provision to AD, but can't do it with this instruction:

    http://social.technet.microsoft.com/wiki/contents/articles/2121.fim-how-to-use-workflows-to-automate-the-calculation-and-notification-of-initial-passwords.aspx

    This video have the same instruction. One difference is the order of activities in workflow, but I think that this is not a reason.

    https://technet.microsoft.com/en-us/video/automate-the-calculation-and-notification-of-initial-passwords-with-fim-2010.aspx

    Correctly I understand that:

    1. Email is generating when user is provisioned to AD (AD MA Export run profile) ?

    2. I don't need a MPR to achieve this goal?

     

     

    So, what I have:

    1.AD User Outbound Sync rule

    2.Workflow parameters

    3.Outbound Attribute Flow

    4.Action Workflow with 3 activities

    5.Password Generation Function

    6.Adding target resource to Sync Rule

    7.Email Notification

     

    Main problem what users are created in AD in disabled state, because of they don't get passwords. When I trying to enable them I get error that users can't be enables, because password doesn't meet password policy.

     

    Can anybody say where can be a problem?

    Any help very appreciated.

    Thanks!

     


    1

    Tuesday, December 6, 2016 2:47 PM

Answers

  • Problem was resolved.

    Maybe I have found a "floatating" bug.

    I have noticed that sometimes Initial password string (pic 6.Adding target resource to Sync Rule) is not saved when I press "save".

    Very strange.

    Thanks to all for help


    1

    • Marked as answer by alexiszp Friday, December 16, 2016 4:21 PM
    Friday, December 16, 2016 4:21 PM

All replies

  • Hello alexiszp,

    From looking at your screenshots it looks like everything is correct. In this scenario the issue is most likely one of the below:

    1. The initial password is not being generated.

    2. The initial password generated does not meet the password policy set in AD.

    Can you confirm if the password is actually being generated correctly? It looks like an email is being sent out with the initial password in it, can you look at one of those emails and confirm or write the initial password to an attribute on the user to confirm?

    Thanks.

    Wednesday, December 7, 2016 6:38 AM
  • I think that it is something with password generating.

    Password policy is OK, when I set password like P@ssw0rd#1234 account can be enabled. AD policy allows passwords like P@ssw0rd, so it is not policy problem, i think. Emails are not sended. I can't see them in "Sent" in MIMService account email box and managers don't get anything.

    I think that if password is not generated email can't be send, right?

    Now I want try to use "static" password like P@ssw0rd without function RandomNum to generate password to look that will be.

    Thanks!


    1

    Wednesday, December 7, 2016 8:21 AM
  • Thanks for the additional information alexiszp.

    Setting a static password is a good way to test and ensure that everything is working flow wise. If accounts are being create in an enabled state using a static password, then we know it is an issue with the custom expression used to generate the password. You should setup a test workflow that only generates a password using the custom expression you have and writes it to an attribute on a user in the Portal to see if it is generating correctly. It could be as simple as an extra space in the custom expression or something along those lines.

    Let me know your results.

    Thanks.

    Wednesday, December 7, 2016 11:18 PM
  • I have changed workflow to generate "static" password like P@ssw0rd#.

    Users are created in disabled state and can't be enabled.

    If I set this password manually - everything is OK.

    So, as I understand - problem is somewhere in connection workflow-sync rule.

    This is was tested with my existing 3 activities in workflow, secondly I want to test to run workflow without emailing activity.

    Any more ideas?

    Thanks!


    1

    Thursday, December 8, 2016 1:44 PM
  • Problem was resolved.

    Maybe I have found a "floatating" bug.

    I have noticed that sometimes Initial password string (pic 6.Adding target resource to Sync Rule) is not saved when I press "save".

    Very strange.

    Thanks to all for help


    1

    • Marked as answer by alexiszp Friday, December 16, 2016 4:21 PM
    Friday, December 16, 2016 4:21 PM