You are currently reviewing an older revision of this page.


Custom script-based User Logon Name Generation policy


DESCRIPTION

No description


Note: This code may use functions from the ARS Script Policy Best Practices. Please follow the link to obtain instructions and code for those functions.


SCRIPT

 

'*********************************************************************************
' THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND,
' EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED
' WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A PARTICULAR PURPOSE.
'
' IF YOU WANT THIS FUNCTIONALITY TO BE CONDITIONALLY SUPPORTED,
' PLEASE CONTACT QUEST PROFESSIONAL SERVICES.
'*********************************************************************************
'
' This code is published on the ActiveRoles Script Center:
' http://communities.quest.com/docs/DOC-9991
'
' This code may use functions from the ARS Script Policy Best Practices:
' http://communities.quest.com/docs/DOC-10016
'
' Please follow the link to obtain instructions and code for those functions.
'*********************************************************************************

Option Explicit

Const strScriptName = "Custom User Logon Name Generation"
Const strErrorMessage = "Error while User Logon Name generation"
Const strUserClassName = "user"
Const strSAMAttrName = "sAMAccountName"
Const numMaxSAMNameLength = 8
Const strSAMNameProhibited = """/\[]:;|=,+*?"

'################# SUBROUTINES ##########################################

'===========================================================================
Function CheckSAMName(strSAMName)
    CheckSAMName = True

    ' check sAMAccountName length: this sample accepts only names of
    ' exactly numMaxSAMNameLength characters
    If (Len(strSAMName) <> numMaxSAMNameLength) Then
        CheckSAMName = False
        Exit Function
    End If

    ' sAMAccountName must not consist solely of spaces
    If (Trim(strSAMName) = "") Then
        CheckSAMName = False
        Exit Function
    End If

    ' sAMAccountName must not consist solely of periods
    If (Trim(strSAMName) = String(numMaxSAMNameLength, ".")) Then
        CheckSAMName = False
        Exit Function
    End If

    ' check for prohibited symbols
    Dim i
    For i = 1 To Len(strSAMNameProhibited)
        If (InStr(strSAMName, Mid(strSAMNameProhibited, i, 1)) <> 0) Then
            CheckSAMName = False
            Exit Function
        End If
    Next

    ' add here code for sAMAccountName uniqueness check in desired scope
    ' ...
    ' ...
End Function ' CheckSAMName

'===========================================================================
Function GenerateSAMName(Request)
    GenerateSAMName = ""

    Dim strFirstName, strLastName

    ' get user first name from request
    On Error Resume Next
    strFirstName = Request.Get("givenName")
    On Error GoTo 0
    If (IsEmpty(strFirstName)) Then strFirstName = ""

    ' get user last name from request
    On Error Resume Next
    strLastName = Request.Get("sn")
    On Error GoTo 0
    If (IsEmpty(strLastName)) Then strLastName = ""

    Dim arrSAMNames, strSAMName

    ' example combinations of first and last name for the new sAMAccountName;
    ' fill this array with your own combinations
    arrSAMNames = Array( _
        Left(strFirstName, 6) & Left(strLastName, 2), _
        Left(strFirstName, 5) & Left(strLastName, 3), _
        Left(strFirstName, 4) & Left(strLastName, 4), _
        Left(strFirstName, 3) & Left(strLastName, 5), _
        Left(strFirstName, 2) & Left(strLastName, 6), _
        Left(strFirstName & strLastName, 8) )

    ' return the first candidate that passes validation
    For Each strSAMName In arrSAMNames
        If (CheckSAMName(strSAMName)) Then
            GenerateSAMName = strSAMName
            Exit Function
        End If
    Next
End Function ' GenerateSAMName

'===========================================================================
Function IsFullEffectivePolicyInfoRequested(Request, strAttrName)
    IsFullEffectivePolicyInfoRequested = False

    Dim arrRequestedAttributes, strRequestedAttribute

    ' get the ARS control that contains the attribute names requested for FullEffectivePolicyInfo
    On Error Resume Next
    arrRequestedAttributes = Request.GetInControl(EDS_CONTROL_FULL_EFFECTIVE_POLICY_INFO)
    On Error GoTo 0

    ' exit if this ARS control is absent
    If (IsEmpty(arrRequestedAttributes)) Then Exit Function

    ' check if the ARS control contains a string with one attribute name
    If (VarType(arrRequestedAttributes) = vbString) Then
        strRequestedAttribute = arrRequestedAttributes
        If (LCase(strRequestedAttribute) = LCase(strAttrName)) Then
            IsFullEffectivePolicyInfoRequested = True
            Exit Function
        End If
    ' check if the ARS control contains an array of strings with attribute names
    ' (VarType of an array is vbArray combined with the element type, so test with IsArray)
    ElseIf (IsArray(arrRequestedAttributes)) Then
        For Each strRequestedAttribute In arrRequestedAttributes
            If (LCase(strRequestedAttribute) = LCase(strAttrName)) Then
                IsFullEffectivePolicyInfoRequested = True
                Exit Function
            End If
        Next
    End If
End Function ' IsFullEffectivePolicyInfoRequested

'################# EVENT HANDLERS ##########################################

'===========================================================================
' onPreCreate
'===========================================================================
Sub onPreCreate(Request)
    If (LCase(Request.Class) <> LCase(strUserClassName)) Then Exit Sub

    ' get sAMAccountName value from request
    Dim strSAMName
    On Error Resume Next
    strSAMName = Request.Get(strSAMAttrName)
    On Error GoTo 0
    If (IsEmpty(strSAMName)) Then strSAMName = ""

    ' if sAMAccountName is specified
    If (strSAMName <> "") Then
        ' check it
        If (Not CheckSAMName(strSAMName)) Then
            ' report an error
            Call Err.Raise (1, strScriptName, strErrorMessage)
            Exit Sub
        End If
        Exit Sub
    End If

    ' generate a new sAMAccountName
    strSAMName = GenerateSAMName(Request)

    ' put generated value to request and exit
    If (strSAMName <> "") Then
        Call Request.Put(strSAMAttrName, strSAMName)
        Exit Sub
    End If
End Sub ' onPreCreate

'===========================================================================
' onCheckPropertyValues
'===========================================================================
Sub onCheckPropertyValues(Request)
    If (LCase(Request.Class) <> LCase(strUserClassName)) Then Exit Sub

    ' get sAMAccountName value from request
    Dim strSAMName
    On Error Resume Next
    strSAMName = Request.Get(strSAMAttrName)
    On Error GoTo 0
    If (IsEmpty(strSAMName)) Then strSAMName = ""

    ' an empty value is valid in onCheckPropertyValues;
    ' it means sAMAccountName will be generated later in onPreCreate
    If (strSAMName = "") Then Exit Sub

    ' if sAMAccountName is not empty, check it
    If (Not CheckSAMName(strSAMName)) Then
        Call Request.SetPolicyComplianceInfo(strSAMAttrName, EDS_POLICY_COMPLIANCE_ERROR, strErrorMessage)
    End If
End Sub ' onCheckPropertyValues

'===========================================================================
' onGetEffectivePolicy
'===========================================================================
Sub onGetEffectivePolicy(Request)
    If (LCase(Request.Class) <> LCase(strUserClassName)) Then Exit Sub

    ' switch to server-side generation instead of client-side generation
    Call Request.SetEffectivePolicyInfo(strSAMAttrName, EDS_EPI_UI_SERVER_SIDE_GENERATED, True)

    ' disable manual editing
    Call Request.SetEffectivePolicyInfo(strSAMAttrName, EDS_EPI_UI_AUTO_GENERATED, True)

    ' clear client-side generation rule if it exists
    Call Request.ClearEffectivePolicyInfo(strSAMAttrName, EDS_EPI_UI_POLICY_RULE)

    ' restrict sAMAccountName length
    Call Request.SetEffectivePolicyInfo(strSAMAttrName, EDS_EPI_UI_MAX_LENGTH, numMaxSAMNameLength)

    ' sAMAccountName case adjusting
    Call Request.SetEffectivePolicyInfo(strSAMAttrName, EDS_EPI_UI_ADJUST_CASE, EDS_CHAR_TRANSFORMATION_TYPE_NONE)

    ' sAMAccountName prohibited symbols
    Call Request.SetEffectivePolicyInfo(strSAMAttrName, EDS_EPI_UI_PROHIBITED_SYMBOLS, strSAMNameProhibited)

    If (Not IsFullEffectivePolicyInfoRequested(Request, strSAMAttrName)) Then Exit Sub

    ' generate sAMAccountName on server side
    Dim strSAMName
    strSAMName = Trim(GenerateSAMName(Request))
    Call Request.SetEffectivePolicyInfo(strSAMAttrName, EDS_EPI_UI_GENERATED_VALUE, strSAMName)

    If (strSAMName = "") Then
        ' nothing could be generated: enable manual editing and require a value
        Call Request.ClearEffectivePolicyInfo(strSAMAttrName, EDS_EPI_UI_AUTO_GENERATED)
        Call Request.SetEffectivePolicyInfo(strSAMAttrName, EDS_EPI_UI_VALUE_REQURIED, True)
    End If
End Sub ' onGetEffectivePolicy

'***** END OF CODE ***************************************************************

COMPATIBILITY

Script compatible with the following version(s): ARS 6.0 or later
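
One way to fill the uniqueness-check placeholder in CheckSAMName, shown as an added example that is not part of the original script or of the Best Practices library. It queries the domain through the standard ADSI OLE DB provider and escapes the name before placing it in the LDAP filter, because the script's prohibited-symbol list does not reject parentheses. The function names and the strDomainDN parameter are hypothetical; searching the native LDAP provider rather than the Active Roles provider is an assumption.

```vbscript
Option Explicit

' Escape a value for use inside an LDAP search filter (RFC 4515) so that
' filter metacharacters are matched literally instead of changing the query.
Function EscapeLdapFilterValue(strValue)
    Dim strResult
    strResult = Replace(strValue, "\", "\5c")      ' backslash first, or later escapes get re-escaped
    strResult = Replace(strResult, "*", "\2a")     ' wildcard
    strResult = Replace(strResult, "(", "\28")
    strResult = Replace(strResult, ")", "\29")
    strResult = Replace(strResult, Chr(0), "\00")
    ' ";" separates the parts of an ADO LDAP-dialect query, so encode it too
    strResult = Replace(strResult, ";", "\3b")
    EscapeLdapFilterValue = strResult
End Function

' Returns True when no object under strDomainDN already uses strSAMName.
' Hypothetical helper: strDomainDN is an assumed, trusted configuration value
' such as "DC=example,DC=com". The filter has no objectClass restriction,
' so users, groups and computers are all taken into account.
Function IsSAMNameUnique(strSAMName, strDomainDN)
    Dim objConnection, objCommand, objRecordSet

    Set objConnection = CreateObject("ADODB.Connection")
    objConnection.Provider = "ADsDSOObject"
    objConnection.Open "Active Directory Provider"

    Set objCommand = CreateObject("ADODB.Command")
    Set objCommand.ActiveConnection = objConnection
    objCommand.CommandText = "<LDAP://" & strDomainDN & ">;" & _
        "(sAMAccountName=" & EscapeLdapFilterValue(strSAMName) & ");" & _
        "distinguishedName;subtree"

    Set objRecordSet = objCommand.Execute
    ' an empty result set means the name is not in use
    IsSAMNameUnique = objRecordSet.EOF

    objRecordSet.Close
    objConnection.Close
End Function
```

Call IsSAMNameUnique after the prohibited-symbol loop in CheckSAMName and set CheckSAMName = False when it returns False. The check is not atomic with the create operation, so a name can still be taken between the check and the creation; the directory itself rejects the duplicate in that case.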
