Custom script-based User Logon Name Generation policy

DESCRIPTION

No description


Note: This code may use functions from the Active Roles Script Policy Best Practices. Please follow the link to obtain instructions and code for those functions.


SCRIPT

 

'*********************************************************************************
' THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND,
' EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED
' WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A PARTICULAR PURPOSE.
'
' IF YOU WANT THIS FUNCTIONALITY TO BE CONDITIONALLY SUPPORTED,
' PLEASE CONTACT ONE IDENTITY PROFESSIONAL SERVICES.
'*********************************************************************************

Option Explicit

Const strScriptName = "Custom User Logon Name Generation"
Const strErrorMessage = "Error while User Logon Name generation"
Const strUserClassName = "user"
Const strSAMAttrName = "sAMAccountName"
Const numMaxSAMNameLength = 8
Const strSAMNameProhibited = """/\[]:;|=,+*?"

'################# SUBROUTINES ##########################################

'===========================================================================
' Returns True if strSAMName is an acceptable sAMAccountName, False otherwise.
Function CheckSAMName(strSAMName)
    CheckSAMName = True

    ' check sAMAccountName length
    ' (as written, the name must be exactly numMaxSAMNameLength characters long)
    If (Len(strSAMName) <> numMaxSAMNameLength) Then
        CheckSAMName = False
        Exit Function
    End If

    ' sAMAccountName should not consist solely of spaces
    If (Trim(strSAMName) = "") Then
        CheckSAMName = False
        Exit Function
    End If

    ' sAMAccountName should not consist solely of periods
    If (Trim(strSAMName) = String(numMaxSAMNameLength, ".")) Then
        CheckSAMName = False
        Exit Function
    End If

    ' check for prohibited symbols
    Dim i
    For i = 1 To Len(strSAMNameProhibited)
        If (InStr(strSAMName, Mid(strSAMNameProhibited, i, 1)) <> 0) Then
            CheckSAMName = False
            Exit Function
        End If
    Next

    ' add here code for sAMAccountName uniqueness check in desired scope
    ' ...
    ' ...
End Function ' CheckSAMName

'===========================================================================
' Builds candidate names from givenName and sn and returns the first one
' that passes CheckSAMName, or an empty string if none does.
Function GenerateSAMName(Request)
    GenerateSAMName = ""

    Dim strFirstName, strLastName

    ' get user first name from request
    On Error Resume Next
    strFirstName = Request.Get("givenName")
    On Error GoTo 0
    If (IsEmpty(strFirstName)) Then strFirstName = ""

    ' get user last name from request
    On Error Resume Next
    strLastName = Request.Get("sn")
    On Error GoTo 0
    If (IsEmpty(strLastName)) Then strLastName = ""

    Dim arrSAMNames, strSAMName

    ' for example, here are some combinations of first and last names for a new sAMAccountName
    ' fill this array with your own combinations
    arrSAMNames = Array( _
        Left(strFirstName, 6) & Left(strLastName, 2), _
        Left(strFirstName, 5) & Left(strLastName, 3), _
        Left(strFirstName, 4) & Left(strLastName, 4), _
        Left(strFirstName, 3) & Left(strLastName, 5), _
        Left(strFirstName, 2) & Left(strLastName, 6), _
        Left(strFirstName & strLastName, 8))

    ' return the first candidate that passes validation
    For Each strSAMName In arrSAMNames
        If (CheckSAMName(strSAMName)) Then
            GenerateSAMName = strSAMName
            Exit Function
        End If
    Next
End Function ' GenerateSAMName

'===========================================================================
' Returns True if the request asks for full effective policy info on strAttrName.
Function IsFullEffectivePolicyInfoRequested(Request, strAttrName)
    IsFullEffectivePolicyInfoRequested = False

    Dim arrRequestedAttributes, strRequestedAttribute

    ' get the ARS control that contains the attribute names requested for FullEffectivePolicyInfo
    On Error Resume Next
    arrRequestedAttributes = Request.GetInControl(EDS_CONTROL_FULL_EFFECTIVE_POLICY_INFO)
    On Error GoTo 0

    ' exit if this ARS control is not present
    If (IsEmpty(arrRequestedAttributes)) Then Exit Function

    ' check if the ARS control contains a string with one attribute name
    If (VarType(arrRequestedAttributes) = vbString) Then
        strRequestedAttribute = arrRequestedAttributes
        If (LCase(strRequestedAttribute) = LCase(strAttrName)) Then
            IsFullEffectivePolicyInfoRequested = True
            Exit Function
        End If

    ' check if the ARS control contains an array of strings with attribute names
    ' (VarType of an array is vbArray plus the element type, so it never equals
    ' vbArray alone; IsArray is the reliable test)
    ElseIf (IsArray(arrRequestedAttributes)) Then
        For Each strRequestedAttribute In arrRequestedAttributes
            If (LCase(strRequestedAttribute) = LCase(strAttrName)) Then
                IsFullEffectivePolicyInfoRequested = True
                Exit Function
            End If
        Next
    End If
End Function ' IsFullEffectivePolicyInfoRequested

'################# EVENT HANDLERS ##########################################

'===========================================================================
' onPreCreate
'===========================================================================
Sub onPreCreate(Request)
    If (LCase(Request.Class) <> LCase(strUserClassName)) Then Exit Sub

    ' get sAMAccountName value from request
    Dim strSAMName
    On Error Resume Next
    strSAMName = Request.Get(strSAMAttrName)
    On Error GoTo 0
    If (IsEmpty(strSAMName)) Then strSAMName = ""

    ' if sAMAccountName is specified
    If (strSAMName <> "") Then
        ' check it
        If (Not CheckSAMName(strSAMName)) Then
            ' report an error
            Call Err.Raise(1, strScriptName, strErrorMessage)
            Exit Sub
        End If
        Exit Sub
    End If

    ' generate a new sAMAccountName
    strSAMName = GenerateSAMName(Request)

    ' put the generated value into the request and exit
    If (strSAMName <> "") Then
        Call Request.Put(strSAMAttrName, strSAMName)
        Exit Sub
    End If
End Sub ' onPreCreate

'===========================================================================
' onCheckPropertyValues
'===========================================================================
Sub onCheckPropertyValues(Request)
    If (LCase(Request.Class) <> LCase(strUserClassName)) Then Exit Sub

    ' get sAMAccountName value from request
    Dim strSAMName
    On Error Resume Next
    strSAMName = Request.Get(strSAMAttrName)
    On Error GoTo 0
    If (IsEmpty(strSAMName)) Then strSAMName = ""

    ' an empty value is valid in onCheckPropertyValues.
    ' it means the sAMAccountName will be generated later in onPreCreate
    If (strSAMName = "") Then Exit Sub

    ' if the sAMAccountName is not empty, check it
    If (Not CheckSAMName(strSAMName)) Then
        Call Request.SetPolicyComplianceInfo(strSAMAttrName, EDS_POLICY_COMPLIANCE_ERROR, strErrorMessage)
    End If
End Sub ' onCheckPropertyValues

'===========================================================================
' onGetEffectivePolicy
'===========================================================================
Sub onGetEffectivePolicy(Request)
    If (LCase(Request.Class) <> LCase(strUserClassName)) Then Exit Sub

    ' switch to server-side generation instead of client-side generation
    Call Request.SetEffectivePolicyInfo(strSAMAttrName, EDS_EPI_UI_SERVER_SIDE_GENERATED, True)

    ' disable manual editing
    Call Request.SetEffectivePolicyInfo(strSAMAttrName, EDS_EPI_UI_AUTO_GENERATED, True)

    ' clear the client-side generation rule if it exists
    Call Request.ClearEffectivePolicyInfo(strSAMAttrName, EDS_EPI_UI_POLICY_RULE)

    ' restrict sAMAccountName length
    Call Request.SetEffectivePolicyInfo(strSAMAttrName, EDS_EPI_UI_MAX_LENGTH, numMaxSAMNameLength)

    ' sAMAccountName case adjusting
    Call Request.SetEffectivePolicyInfo(strSAMAttrName, EDS_EPI_UI_ADJUST_CASE, EDS_CHAR_TRANSFORMATION_TYPE_NONE)

    ' sAMAccountName prohibited symbols
    Call Request.SetEffectivePolicyInfo(strSAMAttrName, EDS_EPI_UI_PROHIBITED_SYMBOLS, strSAMNameProhibited)

    If (Not IsFullEffectivePolicyInfoRequested(Request, strSAMAttrName)) Then Exit Sub

    ' generate sAMAccountName on the server side
    Dim strSAMName
    strSAMName = Trim(GenerateSAMName(Request))
    Call Request.SetEffectivePolicyInfo(strSAMAttrName, EDS_EPI_UI_GENERATED_VALUE, strSAMName)

    If (strSAMName = "") Then
        ' nothing could be generated: enable manual editing and require a value
        Call Request.ClearEffectivePolicyInfo(strSAMAttrName, EDS_EPI_UI_AUTO_GENERATED)
        Call Request.SetEffectivePolicyInfo(strSAMAttrName, EDS_EPI_UI_VALUE_REQURIED, True)
    End If
End Sub ' onGetEffectivePolicy

'***** END OF CODE ***************************************************************
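
ADDED EXAMPLE

One way to fill in the uniqueness check that CheckSAMName leaves as a placeholder. This is an added example, not part of the original script and not One Identity's code: the function names EscapeLdapFilterValue and IsSAMNameUnique and the strSearchBaseDN parameter are hypothetical, and it assumes the script host can query the domain directly through the ADSI OLE DB provider (ADsDSOObject). The value is escaped before it goes into the LDAP filter because strSAMNameProhibited does not exclude parentheses.

```vbscript
Option Explicit

' Escape a value for use inside an LDAP search filter (RFC 4515).
' The backslash must be replaced first so later escapes are not double-escaped.
Function EscapeLdapFilterValue(strValue)
    Dim strResult
    strResult = Replace(strValue, "\", "\5c")
    strResult = Replace(strResult, "*", "\2a")
    strResult = Replace(strResult, "(", "\28")
    strResult = Replace(strResult, ")", "\29")
    strResult = Replace(strResult, Chr(0), "\00")
    EscapeLdapFilterValue = strResult
End Function

' Returns True if no object under strSearchBaseDN already uses strSAMName.
' The filter is not limited to users: groups and computers share the same
' sAMAccountName namespace within a domain.
' There is deliberately no "On Error Resume Next" here: if the directory query
' fails, the error propagates to the caller instead of being read as "unique".
Function IsSAMNameUnique(strSAMName, strSearchBaseDN)
    Dim objConnection, objCommand, objRecordSet

    Set objConnection = CreateObject("ADODB.Connection")
    objConnection.Provider = "ADsDSOObject"
    objConnection.Open "Active Directory Provider"

    Set objCommand = CreateObject("ADODB.Command")
    Set objCommand.ActiveConnection = objConnection
    objCommand.CommandText = "<LDAP://" & strSearchBaseDN & ">;" & _
        "(sAMAccountName=" & EscapeLdapFilterValue(strSAMName) & ");" & _
        "distinguishedName;subtree"
    objCommand.Properties("Page Size") = 1

    Set objRecordSet = objCommand.Execute
    IsSAMNameUnique = objRecordSet.EOF   ' no rows returned means the name is free

    objRecordSet.Close
    objConnection.Close
End Function

' Possible call from the placeholder in CheckSAMName (the DN is a placeholder):
'   If (Not IsSAMNameUnique(strSAMName, "<search base DN>")) Then
'       CheckSAMName = False
'       Exit Function
'   End If
```

A lookup followed by a create is not atomic, so two simultaneous requests can still pick the same name; the directory's own uniqueness enforcement on sAMAccountName remains the final check.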
