DESCRIPTION
When you copy a user account, certain attributes are copied. The default list of attributes to copy is defined in the Active Directory schema. Attributes that should be copied when the object is copied have a 16th bit set in the seachFlags property in the schema. For details, see this Microsoft resource.
If you have an attribute that has this bit set, but you do not want its value to be copied, you have to use a script policy like the one provided below.
Attributes such as Exchange custom attributes (extensionAttribute1, ..., extensionAttribute10), have this bit set.
Although you can't prevent copying these attributes, you can clear them in an onPostCreate event handler, after they have been set in Active Directory.
Note This code may use functions from the Active Roles Script Policy Best Practices. Please, follow the link to obtain instructions and code for those functions.
SCRIPT
'*********************************************************************************
' THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND,
' EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED
' WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A PARTICULAR PURPOSE.
'
' IF YOU WANT THIS FUNCTIONALITY TO BE CONDITIONALLY SUPPORTED,
' PLEASE CONTACT ONE IDENTITY PROFESSIONAL SERVICES.
'*********************************************************************************
Sub onPostCreate(Request)
' Optimization: handle only Copy request, skip processing Create requests
If (CInt(Request.Parameter("Type")) <> EDST_REQ_COPY) Then Exit Sub
' Optimization: handle only user account operations
If Request.Class <> "user" Then Exit Sub
' Clear required attributes, for example Exchangte custom attributes
DirObj.PutEx ADS_PROPERTY_CLEAR, "extensionAttribute1", Empty
DirObj.PutEx ADS_PROPERTY_CLEAR, "extensionAttribute2", Empty
DirObj.PutEx ADS_PROPERTY_CLEAR, "extensionAttribute3", Empty
' ... etc.
DirObj.PutEx ADS_PROPERTY_CLEAR, "extensionAttribute10", Empty
DirObj.SetInfo
End Sub
'***** END OF CODE ***************************************************************