
ADPasswordChangeValve

Valve for modifying a user's password in Microsoft Active Directory.

The new password is formatted as an AD password: a binary UTF-16 LE string (little-endian byte order) enclosed in double quotes (").

The valve operates on all items in the current item set.

When doing a password change, the property pwdLastSet must exist on the item if the old password is expired.

Properties

| Name | Description | Default value | Mandatory | Supports property expansion |
|---|---|---|---|---|
| connection_ref | Id of user store connection. | | Yes | No |
| value | The new password. | | Yes | Yes |
| password_attr_name | Name of password attribute. | unicodePwd | | No |
| current_password_param_name | Name of parameter containing the current password. If this is configured the valve will bind with the current password instead of a random password before setting the new password. | | No | Yes |
| unlock | Flag controlling if locked account should be unlocked during password change process. | false | | No |
| ad_policy_hint_oid | New parameter in AD 2008R2 for password history, OID changed in AD 2012, AD 2008R2 uses 1.2.840.113556.1.4.2066 | 1.2.840.113556.1.4.2239 | No | No |
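
The password format described above and the policy-hint OIDs from the table, shown as an added Python illustration of how these values are built for AD in general. This is not PhenixID code and does not show how the valve is implemented. The function names are hypothetical, and the delete/add versus replace split and the control value are assumptions taken from Microsoft's documented unicodePwd and policy-hints behaviour.

```python
from __future__ import annotations

# Added example, not PhenixID code; all function names are hypothetical.
OID_POLICY_HINTS = "1.2.840.113556.1.4.2239"         # default listed on this page
OID_POLICY_HINTS_2008R2 = "1.2.840.113556.1.4.2066"  # AD 2008R2, per this page


def encode_ad_password(password: str) -> bytes:
    """Return the unicodePwd value: the quoted password as UTF-16LE bytes."""
    if not password:
        raise ValueError("empty password")
    # "utf-16-le" writes no byte-order mark; plain "utf-16" would prepend
    # one, and the mark is not part of the quoted value.
    return f'"{password}"'.encode("utf-16-le")


def decode_ad_password(blob: bytes) -> str:
    """Inverse of encode_ad_password; raises ValueError on malformed input."""
    if len(blob) % 2:
        raise ValueError("odd length, not UTF-16")
    if blob[:2] in (b"\xff\xfe", b"\xfe\xff"):
        raise ValueError("byte-order mark present")
    text = blob.decode("utf-16-le")
    if len(text) < 3 or not (text[0] == text[-1] == '"'):
        raise ValueError("empty or not enclosed in double quotes")
    return text[1:-1]


def password_modifications(new: str, current: str | None = None,
                           attr: str = "unicodePwd") -> list[tuple]:
    """LDAP modify operations as (op, attribute, values) tuples.

    Assumed AD semantics (the page does not say what the valve sends):
    delete(old) + add(new) is a user change, replace(new) is a reset.
    """
    if current is not None:
        return [("delete", attr, [encode_ad_password(current)]),
                ("add", attr, [encode_ad_password(new)])]
    return [("replace", attr, [encode_ad_password(new)])]


def policy_hints_control(oid: str = OID_POLICY_HINTS) -> tuple[str, bytes]:
    """Request control asking AD to apply password history to a reset.

    Value is BER SEQUENCE { INTEGER 1 }: 30 03 02 01 01.
    """
    return oid, bytes([0x30, 0x03, 0x02, 0x01, 0x01])
```

A password may itself contain double quotes; only the outer pair is part of the format, which is why the decoder strips exactly one character from each end.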

Example Configuration

{
  "name": "ADPasswordChangeValve",
  "config": { 
    "connection_ref": "d5c9fd4f-0e51-43d4-b1c5-b3e34b6edd4b",
    "value": "{{item.new_password}}",
    "unlock": "true"
  }
}

Requirements