Automatic AD Password Updates

Hi all,

Again this may have already been requested so please merge if needed.

Would it be possible to integrate AD password resets within Orchestrator to automatically manage password updates in production? This is a way it could be done…

We shouldn’t access the AD password programatically for obvious reasons, i.e. never Get Credentials but passwords need to be changed from time to time and many clients won’t allow a non-changing password (i.e. it has to be reset after X days).

By running the update functionality as an administrator we can update the AD password first by creating a randomly generated password and running the update command. So…we can take that password (without ever seeing what it is) and then update Orchestrator robot credentials to ensure that the two are always matching.

@ClaytonM @sfranzen I saw a similar topic that you were discussing so keen to get your thoughts. At the moment password resets are a very manual task. Also @Florent_Salendres has some useful insight here.


Yessss, this is always a major challenge managing password updates. Seems to me like this could be possible since the user ids in Orchestrator have network access to the server which means it should be able to control the Change Password feature within Windows, per Robot (it would need to connect to the server though)… I would think.

I’m sure IT Security will cringe, though!

I wish there was also a good way to determine if a password is expiring before it does or without needing some reminder that relies on a password manager being on the ball all the time. Because, when the passwords expire everything just stops working.

I would also add to this that there should be an Orchestrator feature that shows that the user id has access to the server, whether its password works or has remote authorization. I do have a test workflow but would need to schedule it and have email notification set up.

Well I think as long as it requires a Super Douper High Level Admin (e.g. IT admin only) then IT functions will be happy with this approach. It’s from conversations with IT departments that this idea has come about.

In terms of expiry date we could include this within the feature -e.g. setting to say what is the password expiry duration “90 days”, then use that to control when passwords are due to expire. Are we sure we can’t get the expiry date programatically? That would be less of a security issue surely?

I know this is very, very old…but not seeing any more recent discussions in as much depth.

I’m currently looking into a utility bot which cycles all passwords on a bimonthly basis, using Windows Credential Manager as each bot will be running on its own VM and will have individual/unique access to our apps. Updating all the apps/software pw etc is fairly easy in that regard using UiPath activities already in existence, BUT, as above, updating the VM password is something we’d have to do “above” this level I think. So it would be great if Orchestrator could push this, a function within the Robot/Machine section where the AD password is kept where you can select how often it must be changed, and Orchestrator sorts out the new PW its end and on the VM.

Pitfalls I can think of though - what about attended bots where users need to log in? Would we need to create a new process where the end user on the attended bot’s VM has to run a process which opens up a message box, takes the pw they type in and stores it in Orchestrator? But if they type it in incorrectly etc… All seems a bit messy. Has anyone come up with something decent for this, I can’t imagine out of UiPaths’ $bn dollars’ worth of client base a solution hasn’t arisen :slight_smile:

I think with newly added Folders you can do much more than that, please give it a look and provide feedback :slight_smile:

Yes, now inn modern folders the paradigm has changed a bit.

So let’s say you had 20 machines and 5 users. You would have to create 100 robots and update one password in twenty places.

Now, in modern folders you have 5 users and one machine template so the update will go smooth.