DESCRIPTION
The purpose of this script is to rename a user immediately post-creation to include the description (or any other arbitrary attribute) as part of the name.
This cannot be enforced in the Active Roles Console client prior to creation since the description attribute is not populated until after the logon name is specified/generated. Moreover, Active Roles does not allow renames during the onPreCreate event handler.
The Start-Job technique is being employed here to introduce a delay between the completion of the user creation wizard and the actual rename of the account. If the user is renamed immediately, the ARS client will return an error message since the object that the wizard is actively attempting to display to the user no longer exists by the name that the wizard is aware of. Despite that error message, the user will have been successfully renamed. Executing the rename as a background job eliminates this problem.
Note that if the Console/Web interface option to "Display the object properties when this wizard closes" is selected, an error message is likely. The user properties will likely be displayed prior to the rename being completed. This is easily alleviated by closing the properties window and re-selecting the properties of the newly renamed account.
Note: This code may use functions from the Active Roles Script Policy Best Practices. Please follow the link to obtain instructions and code for those functions.
SCRIPT
#*********************************************************************************
# THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND,
# EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED
# WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A PARTICULAR PURPOSE.
#
# IF YOU WANT THIS FUNCTIONALITY TO BE CONDITIONALLY SUPPORTED,
# PLEASE CONTACT ONE IDENTITY PROFESSIONAL SERVICES.
#*********************************************************************************
#*********************************************************************************
# User Renaming
# Version: 1.0
# Author: Shawn Ferrier [Quest]
# Date: Oct 14, 2010
#*********************************************************************************
#*********************************************************************************
# Description
#
# The purpose of this script is to rename a user immediately post-creation to
# include the description (or any other arbitrary attribute) as part of the name.
#
# This cannot be enforced in the ARS MMC client prior to creation since the
# description attribute is not populated until after the logon name is
# specified/generated. Moreover, ARS does not allow renames during
# the on PreCreate event handler.
#
# The Start-Job technique is being employed here to introduce a delay between
# the completion of the user creation wizard and the actual rename of the
# account. If the user is renamed immediately, the ARS client will return an
# error message since the object that the wizard is actively attempting to
# display to the user no longer exists by the name that the wizard is aware of.
# Despite that error message, the user will have been successfully renamed.
# Executing the rename as a background job eliminates this problem.
#
# Note that if the MMC/Web interface option to "Display the object properties
# when this wizard closes" is selected, an error message is likely. The user
# properties will likely be displayed prior to the rename being completed.
# This is easily alleviated by closing the properties window and re-selecting the
# properties of the newly renamed account.
#
#*********************************************************************************
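function onPostCreate($Request) {
    # Act only on user objects created through a client (Console/Web) request.
    if ($Request.Class -ne "user") { return }
    if ($Request.Parameter("RequestSource") -ne $Constants.EDST_MOD_SOURCE_CLIENT) { return }

    # Nothing to append when the description is empty.
    $UserDesc = $DirObj.Get("description")
    if (($UserDesc -eq $null) -or ($UserDesc -eq "")) { return }

    $UserCN = $DirObj.Get("cn")
    $UserCN = $UserCN + " ($UserDesc)"

    # Rename in a background job so the wizard finishes before the name changes.
    # The values are passed through -ArgumentList rather than expanded into the script block text.
    Start-Job -InitializationScript { Add-PSSnapin -Name "Quest.ActiveRoles.ADManagement" } `
        -ScriptBlock { param($User, $NewName) Rename-QADObject $User -NewName $NewName -proxy } `
        -ArgumentList $Request.GUID, $UserCN
}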
#***** END OF CODE ***************************************************************
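The description is free text typed by whoever creates the account, and the script copies it straight into the object name. The following is an added example, not part of the original One Identity script: a helper that builds the new name, replaces control and format characters from the description, and keeps the result within the 64-character upper range of the Active Directory cn attribute. The name Get-RenamedCN, its parameters and the choice to truncate rather than reject are assumptions.

```powershell
# Added example; Get-RenamedCN is a hypothetical helper, not an Active Roles function.
# Assumption: an over-long description is truncated rather than rejected.
function Get-RenamedCN {
    param(
        [Parameter(Mandatory = $true)] [string] $CN,
        [string] $Description,
        [int] $MaxLength = 64   # upper range of the AD cn attribute
    )

    # Nothing to append: return $null so the caller skips the rename.
    if ([string]::IsNullOrWhiteSpace($Description)) { return $null }

    # Replace control (Cc) and format (Cf) characters, such as CR/LF and
    # bidirectional overrides, with spaces, then collapse whitespace runs.
    $clean = ($Description -replace '[\p{Cc}\p{Cf}]', ' ' -replace '\s+', ' ').Trim()
    if ($clean.Length -eq 0) { return $null }

    # Characters left for the description after "<cn> (" and ")".
    $room = $MaxLength - $CN.Length - 3
    if ($room -lt 1) { return $null }   # the cn alone leaves no space

    if ($clean.Length -gt $room) {
        $clean = $clean.Substring(0, $room).TrimEnd()
    }
    return "$CN ($clean)"
}

# Constructed sample values
$samples = @(
    "Contractor`r`n   Finance",   # embedded line break and extra spaces
    ('x' * 200),                  # far longer than the attribute allows
    ''                            # empty description
)
foreach ($d in $samples) {
    $name = Get-RenamedCN -CN 'Jane Doe' -Description $d
    if ($null -eq $name) { 'skip rename' } else { '{0} [{1} chars]' -f $name, $name.Length }
}
```

In onPostCreate, the helper's result would take the place of the `$UserCN + " ($UserDesc)"` concatenation, with the handler returning early when it yields `$null`.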