Reset AD password when AD is enabled

saikumar39 · October 12, 2023, 7:19am

Hi ,

Is there any way to reset AD password when AD is enabled(Rehire) using password policy ?

Thank you,
saikumar

atarodia1 · October 12, 2023, 9:13am

You can use BeforeProvisioningRule to complete this requirement.
Upon LCS change, you can choose to scramble password or change password attribute based on your requirement.
You can use SailPoint’s Services Standard BeforeProvisioningRule to implement the requirement

However, the recommended way is to scramble the password upon disabling the AD account and user follow the reset password mechanism upon rehire.

KRM7 · October 12, 2023, 7:39pm

Password policy is just like a validator. For example when you enter password in any web page, you get the password strength and an error message if your password is not matching the standards.

Password policy can be used to Generate random password that meets the standards and validate the password strength when user reset.

Along with that, You can send reminders before password gets expired. For more details

But I don’t think Password policy can reset the password in a source on its own. @colin_mckibben could you please confirm.

Thanks
Krish

sunnyajmera · October 12, 2023, 7:42pm

I’ll defer to @colin_mckibben for confirmation, but as far as I know, a password policy doesn’t compel password changes; instead, it verifies and enforces the criteria and prerequisites necessary for changing a password.

atarodia1 · October 13, 2023, 12:42pm

Yes, I second that and in addition to it password policies on IdentityNow does not reflect the actual policies on target system.

For example, target sources may have password history requirements which you can not configure on IdentityNow.

colin_mckibben · October 16, 2023, 3:39pm

Hi @saikumar39. Did any of these replies answer your question? If so, can you please mark the reply that best answered your question as the solution? Thank you!

KRM7 · October 16, 2023, 3:52pm

@colin_mckibben could you please confirm on this.

colin_mckibben · October 16, 2023, 7:16pm

I’m not 100% certain, but I believe this to be correct. Password Policy does not initiate password changes, it just dictates the requirements for setting a password. As can be seen in the UI for password policies, there is no indication that you can trigger a password reset.

I believe if you want to delve into password management, like automating the setting of passwords, you should look into password management and password sync groups

system · December 15, 2023, 7:16pm

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How to set Active Directory as default for Desktop Password Reset ISC Discussion and Questions identity-security-cloud	9	604	August 10, 2023
Password History and Min Password Age Policy in AD do not respect by SailpointIDN ISC Discussion and Questions identity-security-cloud , password-management , password-policies	4	114	February 28, 2025
Password reset in Before Creation Rule (ConnectorBeforeCreate) ISC Discussion and Questions identity-security-cloud , provisioning	10	397	December 10, 2023
Not able to reset password using AD Passthrough ISC Discussion and Questions	4	1359	July 19, 2023
AD Passthrough Authentication and User Invitations ISC Discussion and Questions	5	1099	July 19, 2023

Reset AD password when AD is enabled

Related topics