Hey Edward,
It is to my understanding that the usageType of “UPDATE” and all others that are not “CREATE” are not currently supported for Active Directory (you can reference my topic about Provisioning Policies (link)).
To me, it looks like you’re trying to sync the “samaccountname” Identity Attribute with the AC_NewName field, but with some modifications. In order to do this, you will have to create an Identity Attribute for the AC_NewName field that already has its modifications, and this logic will have to be performed on the Identity level, like below:
Identity Attribute Transform
{
"name": "acNewName",
"type": "concat",
"attributes": {
"values": [
"CN=",
{
"attributes": {
"values": [
{
"attributes": {
"attributeName": "sAMAccountName",
"sourceName": "Active Directory"
},
"type": "accountAttribute"
},
"null"
]
},
"type": "firstValid"
}
]
}
}
Once that has been defined, simply define a value for the AC_NewName attribute in your CREATE profile by setting it to the newly created Identity Attribute value (note that you will have to add the attribute into the Provisioning Policy via the API first):
AD Create Profile (“CREATE” Provisioning Policy)
{
"name": "Account",
"description": null,
"usageType": "CREATE",
"fields": [
{
"name": "AC_NewName",
"transform": {
"type": "identityAttribute",
"attributes": {
"name": "acNewName"
}
}
},
{
"name": "sAMAccountName",
"transform": {
"type": "identityAttribute",
"attributes": {
"name": "samaccountname"
}
},
"attributes": {
"cloudRequired": "true"
},
"isRequired": false,
"type": "string",
"isMultiValued": false
}
]
}
Create Profile UI
Then, proceed to the Attribute Sync tab and check the “Sync with Identity” box for this attribute:
Attribute Sync Configuration
I believe this will accomplish what you’re looking to do. Please let me know if you learn anything else that may also be of use to me! I would love to use the UPDATE provisioning policy if it were to become available.