Enforce Password reset for user with Distinguished Name (DN)

Hello All - I am planning to create a workflow to force a password reset for users with LDAP as per this flow https://prnt.sc/1qS-yP0NexBk. (Not using the Teams-based template.)

For both the enforce-password and search-user (LDAP query) steps, DN information is required. However, we have different OUs for users, and it's difficult to specify the user base.
So is it possible to use other unique user values like mail, UPN or other parameters? Please provide your ideas and assist with how we can implement it.

Also, any idea on the search base - It should be in “OU=Groups,OU=users, DC=prefix,DC=domain,DC=com” or is it fine to use “DC=prefix, DC=domain, DC=Com” ?

Thanks.

Hey there,
You are not required to query DN information; you can query other attributes as well.
We have a check that can take multiple different attributes and build the correct search for each.

Here is the AD query we use. This is taken from a workflow snippet with the given inputs, but you could more or less take out the search query you prefer using 🙂

{{#if [$input].[distinguishedUser]}}
(distinguishedName={{[$input].[distinguishedUser]}})
{{else if [$input].[mail]}}
(mail={{[$input].[mail]}})
{{else}}
(sAMAccountName={{[$input].[sAMAccountName]}})
{{/if}}

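The same attribute precedence as the template above, as an added example that is not from the original thread or the workflow product: it builds the lookup filter from whichever input is present (reusing the template's input keys and adding an assumed `upn` key for userPrincipalName), escapes the value per RFC 4515 so a supplied identifier containing `*`, `(` or `)` cannot widen the search, and derives the domain-root search base, which with subtree scope covers every OU.

```python
# Added example, not code from the original thread. Builds the user-lookup
# filter the answer's template produces, with RFC 4515 escaping of the value.
# The "upn" input key and userPrincipalName lookup are additions beyond the
# template's three attributes.

# Characters that change the structure of an LDAP filter must be escaped.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape_filter_value(value: str) -> str:
    """Escape the special characters of an LDAP filter assertion value (RFC 4515)."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

# Precedence mirrors the template: DN first, then mail, then UPN, then sAMAccountName.
_ATTRIBUTE_ORDER = (
    ("distinguishedUser", "distinguishedName"),
    ("mail", "mail"),
    ("upn", "userPrincipalName"),          # assumed extra input key
    ("sAMAccountName", "sAMAccountName"),
)

def build_user_filter(inputs: dict) -> str:
    """Return an LDAP filter selecting a user by the first identifier present.

    The filter is restricted to person/user objects so that a mail value that
    happens to match a contact or group object is not returned by accident.
    """
    for input_key, attribute in _ATTRIBUTE_ORDER:
        value = inputs.get(input_key)
        if value:
            escaped = escape_filter_value(value)
            return f"(&(objectCategory=person)(objectClass=user)({attribute}={escaped}))"
    raise ValueError("no user identifier supplied")

def search_base_for(domain_dns_name: str) -> str:
    """Derive the domain-root search base (e.g. DC=prefix,DC=domain,DC=com).

    Searching this base with subtree scope finds users in any OU, so no
    per-OU user base has to be configured.
    """
    return ",".join(f"DC={label}" for label in domain_dns_name.split("."))

if __name__ == "__main__":
    # Constructed sample inputs.
    print(build_user_filter({"mail": "alice@prefix.domain.com"}))
    print(build_user_filter({"sAMAccountName": "a*lice"}))   # value escaped to a\2alice
    print(search_base_for("prefix.domain.com"))
```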