Hi, we have some requirement that involves changing AD account CN, based on some identity attribute (I know this is not recommended, but is part of come client business).
Is there some way to achieve this rename operation?
HI Julian,
Did you try using AC_NewName ? Create a Provisioning Policy and have this configured and see if you are able to change the CN ?
3 Likes
Hello @jsosa ,
Yes, you can definately change CN of the user in AD using “AC_NewName“ OOTB attribute which you have to pass in AD through provisioning and AD will come to know that CN of the user has to change.
This is mostly done in before provisioning cloud rule.
What you can do is you can create an “Name History“ identity attribute which stores old and new value of displayName and map this attr to one of the Non-Provisioning AD attribute in create profile (exclude this attribute from provisioning) and enable attribute sync for it in AD source.
In before provisioning rule, capture this attribute modification and add AC_NewName in the provisioning plan with new CN value.
If you want further details on it, I will provide you a sample code and low level implementation details.
Regards,
Rohit Wekhande