• State Not Answered
  • Replies 7 replies
  • Subscribers 62 subscribers
  • Views 386 views
  • Users 0 members are here
Options
Related

PGV - Part Value

craig mcfarlane
3 months ago

Hi Guys, 

Trying to work my head around this is. 

I am trying to set an attribute value based on part of another attributes value.  To give you an example. 

Lets say the SamAccountName value is ABC-Something , I then have a Virtual attribute where i would like to use everything before the -Something. Now the issue is it will not always be three characters long it could be ABCDEFG-Something which is why i am trying to work out how to only take everything before the -Something. 

I have looked at the User properties  Mask options and some are close but not quite. Is there a cleaver way to do this?

Thanks in advance 

  • 0 3 months ago

    I would initially approach this by using a script with say onPostCreate and onPostModify Event Handlers (to catch creation and modification of the SamAccountName) and parse the SamAccountName, grab everything before the '-' dash and place this value into the desired attribute.

  • 0 3 months ago in reply to Richard.Lambert

    Thanks Richard. Do you have an examples? Was hoping there might have been a way in the GUI that i was not seeing? 

    I forgot to say that i am trying to do all this as part of a new user workflow , provisioning. Not sure how much that matters but thought i would add it. 

  • 0 3 months ago

    What I would do is have a Change Workflow that detects a SamAccountName Update and adds the update of the VA into the $Request using a Modify Requested Changes Activity.

    Here's a code snipped to grab the prefix:

    Function ParseSamAccountPrefix ($Request)
{

$InboundSam = $Request.get("samaccountname")


try
{

# Split the Sam at the '-' - element 0 is the first half

$SamPrefix = $InboundSam.split("-")[0]  

}
catch
{
# Just a placeholder in case something goes wrong

}

$SamPrefix

}

    Here's the configuration of the Modify Requested Changes Activity.

  • 0 3 months ago in reply to JohnnyQuest

    PS You can make the trigger for the workflow a user create instead - concept is the same:  i.e. intercept the user create $Request and have the Modify Requested Changes Activity add the population of the SamAccountName prefix into the VA into the $Request payload.

  • 0 3 months ago in reply to JohnnyQuest

    Thanks Johnny. I will take a look at this. 

  • 0 3 months ago in reply to craig mcfarlane

    Hi Johnny. So i have set this up but i just want to clarify something. On our new user form i was trying to get it so that value -something would show on the form. A bit like how the PGV works. Using your solution it does not seem to do that. Is that possible? 

  • 0 3 months ago in reply to craig mcfarlane

    If your wanting the value to show like a PGV, the below methods might be an option.

    1) The prefix (ABC) is this the same for all user objects in a single OU

    If you choose an attribute against the parent OU, and set this to the required prefix for the OU, then have a OOTB PGV rule, where it must be %<ou.attribute>- as the default, then have a second rule where the value is the same as the first put allows anything you want after is %<ou.attribute>-{*}. However you'd need to define a must not rule of %<ou.attribute>- so the user cannot just be called ABC1

    2) The prefix is not the same for all user objects in a single OU

    a) Populate VA's instead of the samAccountName, then populate the samAccountName from your VAs

    Create two VAs (or re-use existing as appropriate, where you have for example edsvaSamAacountPrefix and edvsaSamAccountSuffix, control the value of the prefix VA with the list of options, the suffix as per any rules you need... then set the value of samAccountName by PVG to be %<edvsaSamAccountPrefix>-%<edsvaSamAccountSuffix. Then in the WI just display the prefix and suffix fields for the user to populate. Or if you need the prefix in a different property just control that instead and config your ootb pgv to point to that

    b) Popuilate a single VA for prefix type

    Or even just have a single prefix VA, and the user must select a value, then this is populated into the samAccountName, where you have a rule where samAccountName must be %<edsvaSamAccountPrefix>- (against with a second rule for %<edsvaSamAccountPrefix>-{*}, and a must not rule for %<edsvaSamAccountPrefix>-

    c) Custom scripts

    Or write a script, which gets the possible prefixes from somewhere ( CSV, parent OU property, and displayed those values, and script the PGV rule.If you have a look here at a function called SetEffectivePolicy (PowerShell Library Source Code - Wiki - Active Roles Community - One Identity Community), this is some of the code you'd need to write a scripted PGV policy.
    Hope this helps.
    Stu