Send Password to user through email on new Active Directory (AD) account creation

While creating a new AD account, we have a rule which generates a random password. Once this AD account is created, we send a notification to the user that the AD account is created. The password is not available in the account attributes. Please help me with a way to retrieve the dynamically created password so that it can be shared with the user in the email.

Thanks in advance…!!


Hi Shivam,

Can you please let me know: when the AD account is created, is it created from SailPoint? If so, are you sending the password through the provisioningPolicy to AD?

Hi Dheeraj,

Yes, the AD account is created from IdentityNow. We are sending the randomly generated password through the create policy of the AD source.

SailPoint uses two layers of encryption. It stores only a cryptographic hash and never stores the plain-text password, making it very difficult to decrypt. So it's not possible to get the random password that gets set, and you won't be able to email it.

The only way to retrieve it would be to park it in an AD attribute that you read back into an Identity Attribute. Be aware though that the password will be in clear text till the user logs in the first time to reset it (provided you’ve got that configured). It is generally not a good idea to send passwords around in emails regardless.

You can handle this in an AfterCreate or AfterModify (operation Enable for rehires) in PowerShell.

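```powershell
# Runs inside the AfterCreate/AfterModify script; $nativeIdentity, $creds,
# $from and $to must already be set earlier in that script.
Add-Type -AssemblyName System.Web
# Generate a 16-character password with at least 2 non-alphanumeric characters
$pass = ConvertTo-SecureString $([System.Web.Security.Membership]::GeneratePassword(16, 2)) -AsPlainText -Force
# -Reset sets the password without prompting for the old one
Set-ADAccountPassword -Identity $nativeIdentity -Reset -NewPassword $pass -Confirm:$false
Set-ADUser $nativeIdentity -ChangePasswordAtLogon $true
# Convert the SecureString back to plain text for the mail body
$BSTR = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($pass)
$Password = [System.Runtime.InteropServices.Marshal]::PtrToStringBSTR($BSTR)
# Wipe and free the unmanaged copy of the password
[System.Runtime.InteropServices.Marshal]::ZeroFreeBSTR($BSTR)

$body = "$Password with other text"

$splat = @{
    SMTPServer = "smtp.server.com"
    Port       = 25
    Credential = $creds
    From       = $from
    To         = $to
    Subject    = ""
    Body       = $body
    BodyAsHtml = $true
}

Send-MailMessage @splat
```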
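One reply above warns that a password parked in an AD attribute stays in clear text until the user's first logon. The following is an added example, not code from the thread or from SailPoint, of a cleanup check for that case; the attribute name `extensionAttribute10`, the 3-day limit and both function names are assumptions chosen for illustration.

```powershell
# Added example, not from the thread. Assumptions (hypothetical): the temporary
# password is parked in extensionAttribute10 and may stay there at most 3 days.
$ParkAttribute = 'extensionAttribute10'
$MaxAgeDays    = 3

function Get-ParkedPasswordAction {
    # Pure decision logic for one account object; no AD access.
    param($User, [datetime]$Now, [string]$Attribute, [int]$MaxAgeDays)
    if ([string]::IsNullOrEmpty($User.$Attribute)) { return 'None' }
    # pwdLastSet stays 0 while "change password at next logon" is pending.
    if ($User.pwdLastSet -ne 0) { return 'Clear' }   # user has set their own password
    # whenChanged is at least as recent as the write that parked the value.
    if (($Now - $User.whenChanged).TotalDays -gt $MaxAgeDays) { return 'ClearExpired' }
    return 'Wait'
}

function Invoke-ParkedPasswordCleanup {
    # Needs the ActiveDirectory module and write access to the attribute.
    [CmdletBinding(SupportsShouldProcess)]
    param()
    $props = @($ParkAttribute, 'pwdLastSet', 'whenChanged')
    foreach ($u in Get-ADUser -LDAPFilter "($ParkAttribute=*)" -Properties $props) {
        $action = Get-ParkedPasswordAction -User $u -Now (Get-Date) `
            -Attribute $ParkAttribute -MaxAgeDays $MaxAgeDays
        if (($action -in @('Clear', 'ClearExpired')) -and
            $PSCmdlet.ShouldProcess($u.SamAccountName, "clear $ParkAttribute")) {
            Set-ADUser -Identity $u -Clear $ParkAttribute
        }
        # Report the account and the decision only, never the parked value.
        [pscustomobject]@{ SamAccountName = $u.SamAccountName; Action = $action }
    }
}

# Constructed sample accounts so the decision logic can be tried without AD.
$now = Get-Date '2024-01-10'
$samples = @(
    [pscustomobject]@{ SamAccountName = 'new.hire';  extensionAttribute10 = 'REDACTED'
                       pwdLastSet = 0; whenChanged = $now.AddDays(-1) }
    [pscustomobject]@{ SamAccountName = 'logged.in'; extensionAttribute10 = 'REDACTED'
                       pwdLastSet = 133492000000000000; whenChanged = $now.AddDays(-2) }
    [pscustomobject]@{ SamAccountName = 'no.show';   extensionAttribute10 = 'REDACTED'
                       pwdLastSet = 0; whenChanged = $now.AddDays(-9) }
)
foreach ($s in $samples) {
    $a = Get-ParkedPasswordAction -User $s -Now $now -Attribute $ParkAttribute -MaxAgeDays $MaxAgeDays
    '{0,-10} {1}' -f $s.SamAccountName, $a
}
```

Run `Invoke-ParkedPasswordCleanup -WhatIf` on a schedule first to see which accounts would be cleared; accounts reported as `ClearExpired` never logged in and need a fresh temporary password.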