10 Replies Latest reply on Jul 29, 2019 2:44 PM by ericrgarner

    Email New User with Credentials?

    ericrgarner

      I've been working through a post that 8paul posted on here which deals with custom template creation for new user accounts.  Has anyone come across a method for automatically creating an email and sending it to the user with their username and password contained in the body of the email? I know ARM (8man) allows for custom script injections but don't have much experience on this front.  Something like this would be a huge time saver in our environment.

        • Re: Email New User with Credentials?
          8paul

          Hi Eric,

           

          in the template there is a field for the script path and parameters, those are the 2 relevant values in the template.

          For your use case just set the path and put {samaccountname} in the parameters field, this will cause ARM to pass the value of the samAccountName field to the script.

           

          In your script have a parameter definition like this:

          param(

          $samaccountname

          )

           

          Afterwards you can use the variable in your script, the two relevant commands for your case would be Set-ADAccountPassword and Send-MailMessage

          Since you currently can not pass the password value as parameter you will have to generate a new one in the script and reset the password on the account with the new one.

           

          Regards

            • Re: Email New User with Credentials?
              bjoern-cusatum

              Hi Paul,

               

              actually it is possible to pass on the password as variable. This was included sometime 2018 because many customers asked for it.

               

               

              Cheers

              Björn

              1 of 1 people found this helpful
                • Re: Email New User with Credentials?
                  ericrgarner

                  Hi Paul,

                   

                  Is there any documentation around setting something like this up? I'm not very familiar with the Send-MailMessage powershell command.  Are there any plans add this functionality into the native UI at some point in the future?

                   

                  I'm able to get a simple email to fire off after a new account is created but for some reason the password variable isnt returning any value.  Is there anything else I need to check on my end?

                   

                    • Re: Email New User with Credentials?
                      8paul

                      Hi Eric,

                       

                      can you specifiy what you mean by "the password variable isn´t returning a value"? Could you post the parameter definition of your script and how you try to access the variable?

                      There is documentation regarding the usage of scripts and the passing of parameters in the extended install & config guide you can find in the success center.

                       

                      P.S. if you are using a custom template the script execution and parameters are defined in the template, the script configuration in the config interface does not apply in that case.

                       

                      Regards

                      Paul

                        • Re: Email New User with Credentials?
                          ericrgarner

                          Hi Paul,

                           

                          Just circling back on this now.  See my screenshots below.  I have my script parameters set in the ARM Template Generator as follows.  The userprincipalname parameter is working but the Password parameter is not.

                           

                           

                           

                          The copy/pasted the powershell script I'm using  -

                           

                           

                          param(

                          [string] $userprincipalname,

                          [string] $Password

                          )

                          Send-MailMessage -From 'SolarwindsARM@edwhost.com' -To 'xxxx@somedomain.com' -Subject 'Test mail' -SmtpServer 'smtp.hosting.local' -Body "The account name is: $userprincipalname and the password is: $Password"

                           

                           

                          I can create the user account without issue using the template but the password doesnt appear to make it into the script.  Here's what I get in the email.

                           

                           

                          My guess is that I'm not invoking the Password variable correctly or that the parameter is not defined correctly in the template. Any advice would be appreciated. 8paul bjoern-cusatum

                            • Re: Email New User with Credentials?
                              8paul

                              Hi Eric,

                               

                              the password variable as described by bjoern-cusatum doesnt seem to work for me either, maybe he can shed some light on this.

                              The workaround would be to just generate the password in the script, set it using Set-ADAccountPassword and then use the value for your Mail as well.

                               

                              Regards

                              Paul

                              • Re: Email New User with Credentials?
                                bjoern-cusatum

                                Password only works when the parameters are transfered as json object in the script configuration. Here's a special function implemented which passes on the password.

                                It does not work in the (old) variant which is integrated in the templates. This is just basic attribute/parameter transfer and the password is not an attribute and already discarded at this point.

                                  • Re: Email New User with Credentials?
                                    ericrgarner

                                    Thanks for responding.  I've taken 8paul's advice and integrated the password reset directly into my powershell script.  I came across another issue however. Let me know if I should submit this on a new thread.

                                     

                                    For whatever reason it doesn't seem like ARM is enforcing the "IsScriptEnabledByDefault' value in my user creation template.

                                     

                                     

                                    I have the value set to True however the script wont run automatically.  I have to set the "IsHiddenFromRequester" value to False in order to expose that option to the requester.  Unless the requester manually checks the box next to 'Start the program after the user creation' the script will not be run. 

                                     

                                     

                                    This seems like a potential bug. Any ideas?  I don't want to expose this extra step to the requesters if possible and would like it to run automatically without additional intervention.