Hi Pearse,
Thanks for your help. I will try to answer your questions and explain the problem:
Is this PX firing during the UI phase?
A: yes
If it fires after the task has completed, then it won't fire if the task fails?
A: I don't think I understand this question very well, but I believe that the completed status means that the task should end successfully, and this triggers the sending of the SMS. But this is not what is happening: even though the task fails, the SMS is sent anyway.
You may need to set/use the |confirmPassword| logical attribute to actually read the password value in a PX in the submitted task phase (assuming your task sets it)
A:
There are 2 PX related to this task:
The 1st PX is Policy Type UI; it generates a temporary password and sets this password in the user attributes %Password% and |confirmPassword|.
The 2nd PX tries to check (unsuccessfully) whether the password change was effective at the endpoint and, if so, it sends an SMS message with the temporary password.
I have tried 4 different options in this second PX
1) the PX is Policy Type Submitted Task and it fires after the Reset Password task is complete
Outcome: the SMS message is sent anyway even though the task has failed
2) the PX is Policy Type Event and it fires after the "ResetPasswordEvent"
Comments: with this type of PX I need to set a rule
Outcome: the SMS is never sent; the rule is never satisfied
3) the PX is Policy Type Event and it fires after the "SynchronizeAttributesWithAccountsEvent"
Comments: with this type of PX I need to set a rule but I cannot find the right one
Outcome1: the SMS is never sent when I set a rule
Outcome2: without any rules the SMS is sent but without the temporary password; it seems I cannot use the |confirmPassword| value
4) the PX is Policy Type UI and the event that fires it is "Validate on Submit"
Comments: with this type of PX it seems to me I cannot do much
Outcome: The SMS is sent anyway even though the password at the endpoint has not changed
Problem: I cannot determine whether the password has been successfully changed at the endpoint (AD account)
QUESTION: Is there any way to ask about the event status? Maybe via BLTH?
Original Message:
Sent: 07-18-2019 02:05 PM
From: Pearse Kennedy
Subject: how to check for Active Directory account password change
Is this PX firing during the UI phase?
If it fires after the task has completed, then it won't fire if the task fails?
You may need to set/use the |confirmPassword| logical attribute to actually read the password value in a PX in the submitted task phase (assuming your task sets it)
Original Message:
Sent: 07-11-2019 01:54 PM
From: Felix Varela
Subject: how to check for Active Directory account password change
Thanks for the tip Larry, can you tell me how to check whether the task/event was successful?
Original Message:
Sent: 07-11-2019 12:06 PM
From: Larry Kasten
Subject: how to check for Active Directory account password change
If you're changing the password directly against AD or your endpoint it is not guaranteed that a PX policy will be able to determine when the attribute value has changed due to possible timing issues.
If AD is your corporate user store, use a PX to first check whether the task/event is successful and then send the SMS message.
Original Message:
Sent: 07-11-2019 10:52 AM
From: Felix Varela
Subject: how to check for Active Directory account password change
I have created a PX to send an SMS message with a temporary password when a reset password task is submitted. The problem is that if the password change fails for the Active Directory account, the message is sent anyway; this is not the desired outcome.
Is there a way to check for the password change at the endpoint or to check for the event status?
P.S. I have tried to check for password change in the AD but so far it doesn't seem to work