I have seen one good thread about this a couple of months ago demonstrating the use of the "onGetEffectivePolicy" handler, but I can't seem to get a script to work for my needs. What I want to accomplish is multi-tiered, and my script is complete and is falling down somewhere as a result.
The objective is for the admin to:
- Select a value from a drop down menu configured in a policy (which writes to an AD extension attribute)
- Populate the First Name entry ("givenName") and Last Name entry ("sn"),
- Have a script module read the value from the drop down selection, and based on the value:
- Generate a custom, appended value in the UPN and sAMAccount entries, e.g.:
Drop down selection: "Privileged account"
First Name: John
Last Name: Smith
Generated UPN: "XXX_JSmth@<domain>"
Generated sAMAccountName: "XXX_JSmith
This is far as I have gotten, (and I recognize it's pretty far from the goal):
function onGetEffectivePolicy($Request)
{
if ($Request.Class -ne "user") {return}
$AccountType = $Request.Get('<attribute>')
$Firstname = $Request.Get('givenName')
$LastName = $Request.Get('sn')
$CustomVar = "XXX_"+$Firstname[0]+$LastName
$ResponseValue = GenerateCustomVar $CustomVar
$strAttrName = "sAMAccountName"
if ($AccountType -eq 'Privileged account'){
$Request.SetEffectivePolicyInfo($strAttrname, $Constants.EDS_EPI_UI_RELOAD_EPI_BY_RULE, "AccountType")
$Request.SetEffectivePolicyInfo($strAttrname, $Constants.EDS_EPI_UI_AUTO_GENERATED, $strAttrname)
$Request.SetEffectivePolicyInfo($strAttrname, $Constants.EDS_EPI_UI_GENERATED_VALUE, $ResponseValue)
}
else {return}
What am I missing?