ARS SPML question - possible to rename 'samAccountName'?

I have a need to prevent mailbox access for a returning user to their old Exchange mailbox. We are required to maintain the old mailbox for a bazillion years.

When a new user returns, they will get the same 'name' - in all its mapped attributes.

We have decided with M$ that the best solution is to rename the old account - saving the SID under the old name + some date value.

We can use SPML to automate on retirement of an account - based on separation cause, a rename of all other 'name' related attributes.
We're having an issue renaming sAmAccountName. Is there something special in SPML that would prevent rename of that attribute field?

And if so, is there a workaround for SPML to accomplish the task as well as it is performing that task on all other name-related attribute values?

  • Switched lanes, and got off at the first exit.

    Now, on post deprovision, called by SPML with a customized schema addition - if a VA containing a separation code is set on an account in that hidden OU, a workflow is triggered to rename an avalanche of name-related attributes.

    The old renamed account retains its SID, and the connection to the old mailbox for audit purposes. The same user can come back as a contractor, get the same original login name, but have no access to the prior mail. Next up - determining if we can prevent undo-deprovision for an account that has been stamped with a VA indicating permanent separation.