AD group or OU creation using PowerShell

Hi team,

We have a use case: based on some of the identity attributes, we should perform an OU calculation to generate the DN for an AD account. Before that, we need to validate that the OU path exists in AD and, if it does not exist, create it and then create the AD account. As we know, out of the box IDN does not support this. We're planning to use JNDI calls in a rule or use PowerShell execution via a before provisioning rule. Has anyone come across such a scenario? Do you foresee any challenges?

Hi,

In a normal scenario the OU should be created first, because this is a one-time action, and because in your code you also need to mention those if/else statements.
Once the OU is created, if these accounts don't move for movers, then you can use a transform for create, or use a before provisioning rule so you can also use it for movers based on dept.
Here are the SailPoint docs and best practices.

@Learingiam Thanks for providing this.
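
The "validate the OU path, create it if missing" step from the question, sketched as an added PowerShell example (not posted by anyone in this thread and not SailPoint code). The function name `Initialize-OUPath`, its parameters and the `example.com` DNs are hypothetical; it assumes the RSAT ActiveDirectory module and a service account whose create rights are delegated only beneath the allowed base OU.

```powershell
Import-Module ActiveDirectory

function Initialize-OUPath {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$TargetOU,    # OU DN calculated from identity attributes
        [Parameter(Mandatory)][string]$AllowedBase  # existing OU; nothing is created outside it
    )

    # The DN is derived from attribute data, so refuse anything outside the delegated subtree.
    $suffix = ",$AllowedBase"
    if (-not $TargetOU.EndsWith($suffix, [StringComparison]::OrdinalIgnoreCase)) {
        throw "Refusing '$TargetOU': not beneath '$AllowedBase'."
    }

    # Allowlist each new RDN: OU type only, no DN metacharacters (commas, quotes, backslashes).
    $relative = $TargetOU.Substring(0, $TargetOU.Length - $suffix.Length)
    $rdns = @($relative -split ',')
    foreach ($rdn in $rdns) {
        if ($rdn -notmatch '^OU=[A-Za-z0-9][A-Za-z0-9 _-]{0,62}$') {
            throw "Refusing RDN '$rdn': unexpected type or characters."
        }
    }

    # Walk from the base down to the leaf, creating only the levels that are missing.
    [array]::Reverse($rdns)
    $parent = $AllowedBase
    foreach ($rdn in $rdns) {
        $dn = "$rdn,$parent"
        try {
            # -Identity takes the DN as a value, so no LDAP filter string is built from input.
            Get-ADOrganizationalUnit -Identity $dn -ErrorAction Stop | Out-Null
        } catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException] {
            if ($PSCmdlet.ShouldProcess($dn, 'Create OU')) {
                New-ADOrganizationalUnit -Name $rdn.Substring(3) -Path $parent `
                    -ProtectedFromAccidentalDeletion $true
            }
        }
        $parent = $dn
    }
    return $parent   # validated DN to use as the container for the new account
}

# Constructed sample call; run with -WhatIf first to see which OUs would be created.
# Initialize-OUPath -TargetOU 'OU=Sales,OU=EMEA,OU=Users,DC=example,DC=com' `
#                   -AllowedBase 'OU=Users,DC=example,DC=com' -WhatIf
```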