Active Directory Password Reset Policy

Test the script(s), processes and/or data file(s) thoroughly in a test environment, and customize them to meet the requirements of your organization before attempting to use it in a production capacity.  (See the legal notice here)


Note: The workflow sample mentioned in this article can be downloaded from the Opalis project on CodePlex:



The “AD Password Reset” sample is designed to be called from an external system when a user requests their password in AD to be reset. The workflow validates that the user account exists and gets the users answer to their “Secret Question”. If the user answered the Secret Question with the correct answer, the password is reset and their account is flagged to require a password change at next login. The workflow doesn’t address delivery of the password itself, only resetting it. The new password could be generated (random text, for example) and sent to the user’s email address on file, for example.


The “Get Secret Answer” activity is actually a “Map Published Data” Foundation Activity. It would no doubt be replaced by a query to an Identity Management system or Active Directory to fetch the answer to the users Secret Question. For the sample, this provides an easy way to see how such a query would be integrated into the workflow.



Share this post :