Can we provision user accounts using an account template in Active Roles?


Is there a way to create an account with the following information?

  • Username starts with TPA
  • Password must be reset at first logon.
  • Accounts to expire after 1 month

Thank you,

  • Hi  

    Quick answer, yes.

    Easiest way

    1) Create an Administration Policy. It will contain a Property Validation and Generation rule for samAccountName (User account), where:

    • Must be specified
    • Must be
      • Default value "TPA"
      • Additional value: TPA{*}
    • Must begin with "TPA"
    • It must not be "TPA" (so someone can't create an account just called "TPA")

    Link it to the OU where you create a new user, and test that when you create a user, it prefills samAccountName to be TPA, but does not let you move on to the next screen without a compliance failure.

    Then add something to the end of the samAccountName, and it should accept it and move on to the password field.

    2) Create a Change workflow, on creation of a user object, and limit it to the OU where you create your users that should have these changes applied on creation

    • Add a Modify Requested Changes step, then when you open it, select Target changes
      • Set edsaUserMustChangePasswordAtNextLogon (haven't got ARS in front of me at the moment, so check this VA) to be true
      • Set AccountExpires to be +30 days (use the Workflow date time option)
    • Then save the changes

    Next, create a user within the provisioning OU (wherever you linked the admin policy and workflow to).

    Open the user object and check the settings.

    Any issues, check the change history for that user.

  • To add, there are other ways of doing this involving scripts, but for ease I've only added the above.

    And yes, you can copy an account in the provisioning OU, and the admin policies and workflow will still apply.

    I.e., I copied a user called "Emp10", and am creating a user called "Test12 Test12".

    Once created, City, Country, Post Code, Title, Company and Department were also copied from Emp10, along with some other values.

     


  • Great. Thank you, Stu.Pollock
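
An added example, not part of the original thread: a PowerShell check that audits user objects against the three requirements discussed above (TPA prefix with a suffix, password change at next logon, expiry within 30 days). `Test-TpaAccount` is a hypothetical helper name and the sample objects are constructed; for live use it assumes the ActiveDirectory module's `Get-ADUser`.

```powershell
# Added example: audit accounts against the provisioning rules from the thread.
# Test-TpaAccount is a hypothetical helper; it only reads properties, it changes nothing.
function Test-TpaAccount {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $User,
        [int] $MaxDays = 30,                 # matches the "+30 days" workflow step
        [datetime] $Now = (Get-Date)
    )
    process {
        $issues = @()
        $sam = [string]$User.SamAccountName

        # Must begin with "TPA" and must not be exactly "TPA" (-notmatch ignores case)
        if ($sam -notmatch '^TPA.+') { $issues += 'name is not TPA plus a suffix' }

        # pwdLastSet = 0 means "user must change password at next logon".
        # Only meaningful before first logon; it becomes non-zero once the password is changed.
        if ($User.pwdLastSet -ne 0) { $issues += 'password change at next logon not set' }

        # AccountExpirationDate is $null when the account never expires
        $exp = $User.AccountExpirationDate
        if ($null -eq $exp) {
            $issues += 'account never expires'
        } elseif ($exp -gt $Now.AddDays($MaxDays)) {
            $issues += "expires more than $MaxDays days from now"
        }

        [pscustomobject]@{
            SamAccountName = $sam
            Compliant      = ($issues.Count -eq 0)
            Issues         = ($issues -join '; ')
        }
    }
}

# Constructed sample objects shaped like Get-ADUser output (not real accounts)
$now = [datetime]'2024-01-10'
$sample = @(
    [pscustomobject]@{ SamAccountName = 'TPAjsmith'; pwdLastSet = 0; AccountExpirationDate = $now.AddDays(30) }
    [pscustomobject]@{ SamAccountName = 'TPA';       pwdLastSet = 0; AccountExpirationDate = $now.AddDays(30) }
    [pscustomobject]@{ SamAccountName = 'TPAtemp2';  pwdLastSet = 133490000000000000; AccountExpirationDate = $null }
)
$sample | Test-TpaAccount -Now $now | Format-Table -AutoSize

# Live use (assumption: $ou holds the distinguished name of your provisioning OU):
# Get-ADUser -SearchBase $ou -Filter * -Properties pwdLastSet, AccountExpirationDate | Test-TpaAccount
```

With the constructed input, only `TPAjsmith` is reported as compliant; `TPA` fails the naming rule and `TPAtemp2` fails the password and expiry checks.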
