Send Password to user through email on new Active Directory(AD) account Creation

SBahl · August 1, 2023, 3:57pm

While creating a New AD account , we have a rule which generates a random password. Now once this AD Account is created we are sending a notification to the user that AD account is created. The password is not available in the account attributes , please help me with a way to retrieve a dynamically created password so that can be shared with the user in the email.

Thanks in advance…!!

dheerajk27 · August 2, 2023, 1:53am

Hi Shivam,

Can you please let me know when AD Account is created, is it created from SailPoint? if so are you sending password through provisioningPolicy to AD?

SBahl · August 2, 2023, 6:26am

Hi Dheeraj,

Yes, the AD account is created from Identity Now. We are sending the randomly generated password through the create policy of AD source.

sharvari · August 2, 2023, 8:54am

Sailpoint uses two layers of encryption, it stores only cryptographic hash and never stores plain text password making it very difficult to decrypt it. So it’s not possible to get the random password that gets set so you won’t be able to email it.

RTASB · August 2, 2023, 9:29am

The only way to retrieve it would be to park it in an AD attribute that you read back into an Identity Attribute. Be aware though that the password will be in clear text till the user logs in the first time to reset it (provided you’ve got that configured). It is generally not a good idea to send passwords around in emails regardless.

ethompson · August 2, 2023, 1:47pm

You can handle this in an AfterCreate or AfterModify (operation Enable for rehires) in PowerShell.

Add-Type -AssemblyName System.Web
$pass = ConvertTo-SecureString $([system.web.security.membership]::GeneratePassword(16, 2)) -AsPlainText -Force
Set-ADAccountPassword -Identity $nativeIdentity -NewPassword $pass -Confirm:$false
Set-ADUser $nativeIdentity -ChangePasswordAtLogon $true
$BSTR = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($pass)
$Password = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($BSTR)

$body = "$Password with other text"

$splat = @{
    SMTPServer = "smtp.server.com"
    Port       = 25
    Credential = $creds
    From       = $from
    To         = $to
    Subject    = ""
    Body       = $body
    BodyAsHtml = $true
}

Send-MailMessage @splat

system · October 1, 2023, 1:48pm

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Active Directory account password generation and communication ISC Discussion and Questions identity-security-cloud , provisioning	4	649	May 11, 2024
IdentityNow - Active Directory - Setting AD account password in Create Account with transform ISC Discussion and Questions transforms , identity-security-cloud , provisioning	4	127	November 8, 2024
Password Sync down to AD from IDN ISC Discussion and Questions provisioning	1	524	July 19, 2023
Retrieving Password from Get Accounts Action in Workflow ISC Discussion and Questions workflows , identity-security-cloud	4	347	November 19, 2023
Password Sync Group when Accounts Created at Different Times ISC Discussion and Questions identity-security-cloud , password-sync-groups	5	123	August 17, 2024

Send Password to user through email on new Active Directory(AD) account Creation

Related topics