samAccountName Generation with no Recycling

Hi All,

We recently decided to delete several thousand inactive accounts - we are now being told this is causing issues with Application historical records as the usernames are now being recycled.

We are planning to stop this by building either an LDS DB or SQL Table filled with all the deleted samAccountNames - query it and then pass it back to the Quest GUI - I am struggling to find the Quest Command that I would place into a Script Module that passes the Script Generated samAccountName into the ARS Creation GUI, does anyone know what this would be?

I am using this at the moment:

' Generate sAMAccountName on server side
Dim strSAMName
strSAMName = "TESTSAMNAME"
Call Request.SetEffectivePolicyInfo(strSAMAttrName, EDS_EPI_UI_GENERATED_VALUE, strSAMName)

The rest of the script is more or less built aside from LDS/SQL.

Any help would be greatly appreciated.

Parents
  • You are on the right track except you should be implementing your script in PowerShell.

    You need to implement this within a policy script that is embedded into your user provisioning policy.

    The script must contain an OnGetEffectivePolicy handler.  This will fire continuously in the background.

    Something like this...


    Function OnGetEffectivePolicy ($Request)
    {
        if($Request.Class -ne "user"){return}

        # Code to generate sam account name goes here

        # Place the samaccountname into the GUI
        $Request.SetEffectivePolicyInfo("samaccountname", EDS_EPI_UI_GENERATED_VALUE, $strSAMName)
    }

    Reference:  Search on SetEffectivePolicyInfo in the Active Roles SDK.
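
One way to fill in the "generate sam account name" step so that retired names are never reissued, as an added example that is not part of the original posts or the Active Roles SDK. The function name Get-UnusedSamAccountName, the $everIssued set and its sample names are hypothetical and constructed; the set stands in for the LDS/SQL store of deleted names described in the question.

```powershell
# Constructed sample data: every name ever issued, deleted or live.
# In production this would be loaded from the LDS/SQL store (assumption).
$everIssued = [System.Collections.Generic.HashSet[string]]::new(
    [System.StringComparer]::OrdinalIgnoreCase)   # AD compares names case-insensitively
'jsmith', 'JSmith1', 'adoe' | ForEach-Object { [void]$everIssued.Add($_) }

function Get-UnusedSamAccountName {
    param(
        [Parameter(Mandatory)][string]$GivenName,
        [Parameter(Mandatory)][string]$Surname,
        [Parameter(Mandatory)]
        [System.Collections.Generic.HashSet[string]]$Reserved,
        [int]$MaxLength = 20          # sAMAccountName limit for user objects
    )

    # First initial + surname, keeping only ASCII letters and digits.
    $raw  = $GivenName.Substring(0, 1) + $Surname
    $base = ($raw -replace '[^A-Za-z0-9]', '').ToLowerInvariant()
    if (-not $base) { throw 'No usable characters in the supplied name.' }

    # Try the bare name, then numeric suffixes, trimming the stem so the
    # suffix always fits inside the length limit.
    for ($i = 0; $i -lt 1000; $i++) {
        $suffix = if ($i -eq 0) { '' } else { "$i" }
        $keep   = [Math]::Min($base.Length, $MaxLength - $suffix.Length)
        $candidate = $base.Substring(0, $keep) + $suffix

        # Read-only check: a name that was ever issued is skipped,
        # whether or not the account still exists.
        if (-not $Reserved.Contains($candidate)) { return $candidate }
    }
    throw "No free sAMAccountName found for '$base'."
}

# Stand-alone usage with the constructed set above.
Get-UnusedSamAccountName -GivenName 'John' -Surname 'Smith' -Reserved $everIssued
```

The lookup is deliberately read-only because the reply notes the handler fires repeatedly; the chosen name should be written to the store only once the account is actually created, and the store should enforce uniqueness so two concurrent requests cannot receive the same name.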

Children
  • Thanks Johnny,

    I have simplified the script and attached it to my provisioning policy - it doesn't seem to work - added the $.request.EDS_EPI_UI... as it will not let me save the script otherwise.

    function onGetEffectivePolicy($Request)
    {
    if($Request.Class -ne "user"){return}
    {
    $strAttrname = "samAccountName"
    $arr = "TestSAM"

    $Request.SetEffectivePolicyInfo($strAttrname, $Request.EDS_EPI_UI_GENERATED_VALUE, $arr)

    }
    }