-
Notifications
You must be signed in to change notification settings - Fork 9
/
Copy pathautomation-ADSetNewPassword.yml
35 lines (34 loc) · 1.4 KB
/
automation-ADSetNewPassword.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
args:
- default: true
description: The username of the user whose password should be expired
name: username
required: true
- description: The password to set for the user
name: password
required: true
secret: true
comment: |
Set a new password for an Active Directory user
commonfields:
id: ADSetNewPassword
version: -1
dependson:
must:
- ad-set-new-password
deprecated: true
name: ADSetNewPassword
runonce: false
script: |+
resSet = demisto.executeCommand("ad-set-new-password", demisto.args())
if isError(resSet[0]) and ('LDAP Result Code 53 "Unwilling To Perform"' in resSet[0]['Contents'] or 'WILL_NOT_PERFORM' in resSet[0]['Contents']):
myErrorText = "An LDAP error occurred while trying to set the new password. This sometimes happens when the new password is not allowed by the Domain's Password Policy, especially password complexity requirements.\n"
myErrorText += "Please ensure that the user account you have configured to integrate with Active Directory Querying has permissions to change passwords and that the password you specified adheres to the Password Policy.\n"
myErrorText += "LDAP returned the following error:\n" + str(resSet[0]['Contents'])
demisto.results( { "Type" : entryTypes["error"], "ContentsFormat" : formats["text"], "Contents" : myErrorText } )
else:
demisto.results(resSet)
scripttarget: 0
system: true
tags:
- active directory
type: python