Back to User management: Provision
DESCRIPTION
No description
Note This code may use functions from the ARS Script Policy Best Practices. Please, follow the link to obtain instructions and code for those functions.
SCRIPT
'*********************************************************************************
' THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND,
' EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED
' WARRANTIES OF MERCHANTBILITY AND/OR FITNESS FOR A PARTICULAR PURPOSE.
'
' IF YOU WANT THIS FUNCTIONALITY TO BE CONDITIONALLY SUPPORTED,
' PLEASE CONTACT QUEST PROFESSIONAL SERVICES.
'*********************************************************************************
'
' This code is published on the ActiveRoles Script Center:
' http://communities.quest.com/docs/DOC-9991
'
' This code may use functions from the ARS Script Policy Best Practices:
' http://communities.quest.com/docs/DOC-10016
'
' Please, follow the link to obtain instructions and code for those functions.
'*********************************************************************************
Option Explicit
Const strScriptName = "Custom User Logon Name Generation"
Const strErrorMessage = "Error while User Logon Name generation"
Const strUserClassName = "user"
Const strSAMAttrName = "sAMAccountName"
Const numMaxSAMNameLength = 8
Const strSAMNameProhibited = """/\[]:;|=,+*?"
'################# SUBROUTINES ##########################################
'===========================================================================
Function CheckSAMName(strSAMName)
CheckSAMName = True
' check for sAMAccountName length
If (Len(strSAMName) <> numMaxSAMNameLength) Then
CheckSAMName = False
Exit Function
End If
' sAMAccountName should be not consist solely of spaces
If (Trim(strSAMName) = "") Then
CheckSAMName = False
Exit Function
End If
' sAMAccountName should be not consist solely of periods
If (Trim(strSAMName) = "........") Then
CheckSAMName = False
Exit Function
End If
' check for prohibited symbols
Dim i
For i=1 To Len(strSAMNameProhibited)
If (InStr(strSAMName, Mid(strSAMNameProhibited,i,1)) <> 0) Then
CheckSAMName = False
Exit Function
End If
Next
' add here code for sAMAccountName uniquness check in desired scope
' ...
' ...
End Function ' CheckSAMName
'===========================================================================
Function GenerateSAMName(Request)
GenerateSAMName = ""
Dim strFirstName, strLastName
' get user first name from request
On Error Resume Next
strFirstName = Request.Get("givenName")
On Error GoTo 0
If (IsEmpty(strFirstName)) Then strFirstName = ""
' get user last name from request
On Error Resume Next
strLastName = Request.Get("sn")
On Error GoTo 0
If (IsEmpty(strLastName)) Then strLastName = ""
Dim arrSAMNames, strSAMName
' for example, there is some combinations of first&last names for new sAMAccountName
' fill this array with your own combinations
arrSAMNames = Array( _
Left(strFirstName,6) & Left(strLastName,2), _
Left(strFirstName,5) & Left(strLastName,3), _
Left(strFirstName,4) & Left(strLastName,4), _
Left(strFirstName,3) & Left(strLastName,5), _
Left(strFirstName,2) & Left(strLastName,6), _
Left(strFirstName & strLastName, 8) )
For Each strSAMName In arrSAMNames
If (CheckSAMName(strSAMName)) Then
GenerateSAMName = strSAMName
Exit Function
End If
Next
End Function ' GenerateSAMName
'===========================================================================
Function IsFullEffectivePolicyInfoRequested(Request, strAttrName)
IsFullEffectivePolicyInfoRequested = False
Dim arrRequestedAttributes, strRequestedAttribute
' get ARS control that consists attribute names requested for FullEffectivePolicyInfo
On Error Resume Next
arrRequestedAttributes = Request.GetInControl(EDS_CONTROL_FULL_EFFECTIVE_POLICY_INFO)
On Error GoTo 0
' exit if no this ARS cintrol
If (IsEmpty(arrRequestedAttributes)) Then Exit Function
' check if ARS control consists a string with one attrbute name
If (VarType(arrRequestedAttributes) = vbString) Then
strRequestedAttribute = arrRequestedAttributes
If (LCase(strRequestedAttribute) = LCase(strAttrName)) Then
IsFullEffectivePolicyInfoRequested = True
Exit Function
End If
' check if ARS control consists an array of strings with attribute names
ElseIf (VarType(arrRequestedAttributes) = vbArray) Then
For Each strRequestedAttribute In arrRequestedAttributes
If (LCase(strRequestedAttribute) = LCase(strAttrName)) Then
IsFullEffectivePolicyInfoRequested = True
Exit Function
End If
Next
End If
End Function ' IsFullEffectivePolicyInfoRequested
'################# EVENT HANDLERS ##########################################
'===========================================================================
' onPreCreate
'===========================================================================
Sub onPreCreate(Request)
If (LCase(Request.Class) <> LCase(strUserClassName)) Then Exit Sub
' get sAMAccountName value from request
Dim strSAMName
On Error Resume Next
strSAMName = Request.Get(strSAMAttrName)
On Error GoTo 0
If (IsEmpty(strSAMName)) Then strSAMName = ""
' if sAMAccountName is specified
If (strSAMName <> "") Then
' check it
If (Not CheckSAMName(strSAMName)) Then
' report an error
Call Err.Raise (1, strScriptName, strErrorMessage)
Exit Sub
End If
Exit Sub
End If
' generated new sSAMAccountName
strSAMName = GenerateSAMName(Request)
' put generated value to request and exit
If (strSAMName <> "") Then
Call Request.Put(strSAMAttrName, strSAMName)
Exit Sub
End If
End Sub ' onPreCreate
'===========================================================================
' onCheckPropertyValues
'===========================================================================
Sub onCheckPropertyValues(Request)
If (LCase(Request.Class) <> LCase(strUserClassName)) Then Exit Sub
' get sAMAccountName value from request
Dim strSAMName
On Error Resume Next
strSAMName = Request.Get(strSAMAttrName)
On Error GoTo 0
If (IsEmpty(strSAMName)) Then strSAMName = ""
' empty value is valid in onCheckPropertyValues.
' it means sAMAccount name will be generated later in onPreCreate
If (strSAMName = "") Then Exit Sub
' if sAMAccount name is not empty, check it
If (Not CheckSAMName(strSAMName)) Then
Call Request.SetPolicyComplianceInfo(strSAMAttrName, EDS_POLICY_COMPLIANCE_ERROR, strErrorMessage)
End If
End Sub ' onCheckPropertyValues
'===========================================================================
' onGetEffectivePolicy
'===========================================================================
Sub onGetEffectivePolicy(Request)
If (LCase(Request.Class) <> LCase(strUserClassName)) Then Exit Sub
' switch to server-side generation instead client-side generation
Call Request.SetEffectivePolicyInfo(strSAMAttrName, EDS_EPI_UI_SERVER_SIDE_GENERATED, True)
' disable to manual editing
Call Request.SetEffectivePolicyInfo(strSAMAttrName, EDS_EPI_UI_AUTO_GENERATED, True)
' clear client-side generation rule if exists
Call Request.ClearEffectivePolicyInfo(strSAMAttrName, EDS_EPI_UI_POLICY_RULE)
' restrict sAMAccountName length
Call Request.SetEffectivePolicyInfo(strSAMAttrName, EDS_EPI_UI_MAX_LENGTH, numMaxSAMNameLength)
' sAMAccountName case ajusting
Call Request.SetEffectivePolicyInfo(strSAMAttrName, EDS_EPI_UI_ADJUST_CASE, EDS_CHAR_TRANSFORMATION_TYPE_NONE)
' sAMAccountName prohibited symbol
Call Request.SetEffectivePolicyInfo(strSAMAttrName, EDS_EPI_UI_PROHIBITED_SYMBOLS, strSAMNameProhibited)
If (Not IsFullEffectivePolicyInfoRequested(Request, strSAMAttrName)) Then Exit Sub
' Generate sAMAccountName on server side
Dim strSAMName
strSAMName = Trim(GenerateSAMName(Request))
Call Request.SetEffectivePolicyInfo(strSAMAttrName, EDS_EPI_UI_GENERATED_VALUE, strSAMName)
If (strSAMName = "") Then
' enable to manual editing
Call Request.ClearEffectivePolicyInfo(strSAMAttrName, EDS_EPI_UI_AUTO_GENERATED)
Call Request.SetEffectivePolicyInfo(strSAMAttrName, EDS_EPI_UI_VALUE_REQURIED, True)
End If
End Sub ' onGetEffectivePolicy
'***** END OF CODE ***************************************************************
COMPATIBILITY
Script compatible with the following version(s): ARS 6.0 or later